kernel - Adjustments for CERT VU#711516
Note that IPV6 route advertisements are disabled by default, so these
adjustments have no real security implications if you haven't enabled
it. And, generally speaking, enabling IPV6 route advertisements is a
really bad idea anyway and these adjustments only address one small part
of the problem.
* Allowing RTR packets via net.inet6.ip6.accept_rtadv is not advised
even with this adjustment.
* Add a sysctl to put a lower limit on the IPV6 hop limit received via
RTR packets when allowed, default is 39. sysctl net.inet6.ip6.minhlim.