[j-nsp] Forwarding IPv6 link-local packets?
Chris Adams
cmadams at hiwaay.net
Thu Apr 26 16:57:43 EDT 2012
I noticed some (anti-spoofing) IPv6 filter drops got logged, so I went
to track down the source of the problem. Annoyingly, the source address
was a link-local address (although the destination addresses were on the
Internet). I tracked down the source (only because I don't have a lot
of IPv6 traffic yet).
My question is this: why is a packet with a link-local source forwarded
at all? I have uRPF enabled on the interface, but I guess since
fe80::/64 is considered a valid route for all IPv6 interfaces, uRPF
won't catch that. Is there any practical way to turn off link-local
forwarding, other than to apply filters to every interface?
Or am I just missing something obvious?
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
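
Added example, not part of the original post: a simplified Python model of the situation the post describes, where a strict uRPF lookup accepts a link-local source because fe80::/64 is a route on the receiving interface, followed by an explicit check for the RFC 4291 rule that packets with a link-local source or destination stay on-link. The interface name, the 2001:db8:: prefixes and the sample packets are constructed assumptions, and the uRPF function is a model of the behaviour the post hypothesizes, not Junos code.

```python
import ipaddress

# RFC 4291 link-local unicast range
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Constructed per-interface route view (hypothetical interface name): one
# customer prefix plus the fe80::/64 route the post says every IPv6
# interface carries.
ROUTES = {
    "ge-0/0/0.0": [
        ipaddress.ip_network("2001:db8:100::/48"),
        ipaddress.ip_network("fe80::/64"),
    ],
}

def urpf_strict_pass(ifname, src):
    """Simplified strict uRPF: pass if a route covering src points at ifname."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ROUTES.get(ifname, []))

def must_not_forward(src, dst):
    """RFC 4291 sec. 2.5.6: link-local source or destination must stay on-link."""
    return (ipaddress.ip_address(src) in LINK_LOCAL
            or ipaddress.ip_address(dst) in LINK_LOCAL)

def verdict(ifname, src, dst):
    """Apply the uRPF model first, then the explicit link-local check."""
    if not urpf_strict_pass(ifname, src):
        return "drop-urpf"
    if must_not_forward(src, dst):
        return "drop-link-local"
    return "forward"

# Constructed sample packets: (ingress interface, source, destination)
SAMPLES = [
    ("ge-0/0/0.0", "2001:db8:100::5", "2001:db8:ffff::1"),  # legitimate
    ("ge-0/0/0.0", "2001:db8:200::9", "2001:db8:ffff::1"),  # spoofed global
    ("ge-0/0/0.0", "fe80::1", "2001:db8:ffff::1"),          # link-local source
]

if __name__ == "__main__":
    for ifname, src, dst in SAMPLES:
        print(f"{ifname} {src} -> {dst}: "
              f"urpf_pass={urpf_strict_pass(ifname, src)} "
              f"verdict={verdict(ifname, src, dst)}")
```

In this model the link-local packet is only stopped by the second check, which corresponds to an explicit match on the source address rather than a route lookup.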