Not that I have a better suggestion than yours, but I don't like "whitelisting" at the IP level. If I have multiple trusted routers, this ends up as a long shell script that tries to feed IPs until it works. I can see a point (for both v4 and v6) in sometimes locking the arp/ndp entry for your def-gw so that no one else can trivially spoof the gw IP, but adding the gw's own idea of some other IP it has to a whitelist of acceptable senders of ndp feels like a layering violation to me.
2013/5/8 Stefan Bagdohn <ste...@bagdohn.de>
> > Maybe something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl
> > flag mentioned at
> > http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc
> > could be used for the odd cases where it's needed?
>
> This is an all-or-nothing approach. What about the option to provide the
> "known-good" address of the router (via sysctl or by other means)?
> If an address is given, treat this exception as a neighbor. If left empty,
> just behave as-is.
>
> --
> May the most significant bit of your life be positive.
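The "lock the ndp entry for your def-gw" option mentioned above, written out as an added example; this is not code from the thread or from FreeBSD. It keeps the post-SA-08:10 sysctl at its default (0, neighbor solicitations from off-link sources are dropped) and instead pins static neighbor-cache entries for an allowlist of trusted routers with ndp(8) -s, so a forged Neighbor Advertisement cannot replace them. The allowlist, the `netstat -rn -f inet6` and `ndp -an` outputs are constructed samples, and the MAC addresses come from the IANA documentation range; the script only prints the commands (dry run), so review them before piping to sh as root.

```shell
#!/bin/sh
# Added example, not from the thread: pin known-good IPv6 routers in the
# FreeBSD neighbor cache and audit the live cache against the allowlist.
# Assumes FreeBSD ndp(8)/netstat(1)/sysctl(8) naming; nothing here runs
# those tools, it only parses constructed sample output and prints commands.

# Constructed allowlist of trusted routers: "<address> <link-layer address>".
# Fill this from your own inventory; these values are assumptions.
KNOWN_GOOD='fe80::1%em0 00:00:5e:00:53:01
fe80::2%em0 00:00:5e:00:53:02
fe80::3%em0 00:00:5e:00:53:03'

# Constructed sample of `netstat -rn -f inet6` output.
SAMPLE_ROUTES='Internet6:
Destination                       Gateway                       Flags     Netif Expire
default                           fe80::1%em0                   UGS         em0
::1                               link#2                        UH          lo0
fe80::%em0/64                     link#1                        U           em0'

# Constructed sample of `ndp -an` output. fe80::2%em0 carries a link-layer
# address that differs from the allowlist, standing in for a spoofed entry.
SAMPLE_NDP='Neighbor                             Linklayer Address  Netif Expire    S Flags
fe80::1%em0                          00:00:5e:00:53:01     em0 23h59m12s S R
fe80::2%em0                          00:00:5e:00:53:f2     em0 10m2s     S R'

# default_gw6 ROUTES: print the IPv6 default gateway from netstat output.
default_gw6() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2; exit }'
}

# lladdr_of NDP ADDR: print the link-layer address cached for ADDR, or nothing.
lladdr_of() {
    printf '%s\n' "$1" | awk -v a="$2" '$1 == a { print $2; exit }'
}

# check_gateway NDP ADDR EXPECTED: 0 if the cache matches EXPECTED,
# 1 if it holds a different link-layer address (possible spoof), 2 if absent.
check_gateway() {
    cur=$(lladdr_of "$1" "$2")
    [ -z "$cur" ] && return 2
    [ "$cur" = "$3" ] && return 0
    return 1
}

# audit_cache NDP KNOWN_GOOD: one line per allowlisted router: OK, MISMATCH
# (cache disagrees with the allowlist) or ABSENT (not in the cache yet).
audit_cache() {
    ndp_out=$1
    printf '%s\n' "$2" | while read -r addr mac; do
        [ -z "$addr" ] && continue
        check_gateway "$ndp_out" "$addr" "$mac" && rc=0 || rc=$?
        case $rc in
            0) printf 'OK %s %s\n' "$addr" "$mac" ;;
            1) printf 'MISMATCH %s cached %s expected %s\n' \
                   "$addr" "$(lladdr_of "$ndp_out" "$addr")" "$mac" ;;
            2) printf 'ABSENT %s expected %s\n' "$addr" "$mac" ;;
        esac
    done
}

# pin_cmds KNOWN_GOOD: print the commands that keep the stricter on-link NS
# check (sysctl value 0 is the post-advisory default) and make each trusted
# router's neighbor entry static, so a spoofed NA cannot overwrite it.
pin_cmds() {
    printf 'sysctl net.inet6.icmp6.nd6_onlink_ns_rfc4861=0\n'
    printf '%s\n' "$1" | while read -r addr mac; do
        [ -z "$addr" ] && continue
        printf 'ndp -s %s %s\n' "$addr" "$mac"
    done
}

# Dry run against the constructed samples. On a real host you would feed
# "$(netstat -rn -f inet6)" and "$(ndp -an)" instead of the samples.
echo "default gateway: $(default_gw6 "$SAMPLE_ROUTES")"
audit_cache "$SAMPLE_NDP" "$KNOWN_GOOD"
pin_cmds "$KNOWN_GOOD"
```

Pinning from an allowlist removes the "feed IPs until it works" loop: every trusted router gets a static entry whether or not it is in the cache yet, and the audit line flags the case where the live cache already disagrees with your inventory, which is the moment a spoof would otherwise go unnoticed.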