Exam 202-450 topic 1 question 5 discussion

A+D: A: Those are "Link Local" adresses. Link locals are not routed. They are kinda private adresses("Local" as the name says) . As they are not routed they should never show up in FORWARD(forwarded packages) but only in INPUT(incomming) and OUTPUT(outgoing). D: Nevertheless is it possible to craft a rule that aditionally blocks such addresses - why shouldn't it? Useless but no Error. [ For E - wrong - : Only FORWARD(= only packages routed,forwarded by the kernel ) are blocked and OUTPUT(outgoing) and INPUT(incomming) is not blocked. Traffic from an to other devices goes freely in and out -> Communication to other devices including routers and dhcpv6 will not be blocked. ] I think key for this question is to spot, the FE80 which are Link Local adresses, which are

A and D are correct

A and D is correct

A. Packets with source or destination addresses in the fe80::/64 range should not occur in the FORWARD chain. This statement is correct because fe80::/64 addresses are typically used for communication within a local network and should not be involved in routing between interfaces in the FORWARD chain. D. Both ip6tables commands complete without an error message or warning. This means that the iptables commands execute without syntax errors.

I've made some research and found that: - IPv6 link-local addresses can be forwarded between network interfaces, but it is also a requirement that both the interfaces must be in the same subnets! - The E option is true, because these rules drops all the IPv6 packets from/to the link-local addresses. DHCPv6 uses link-local addresses for router advertisements, therefore these rules are appropriate to prevent the forwarding of the router advertisements between the interfaces.

A and D is correct

I don't think E is correct, only info I can find on suppressing router advertisements is via sysctl. https://sysctl-explorer.net/net/ipv6/accept_ra/