Update networkmanager privacy configs

root/etc/NetworkManager/conf.d/ipv6-privacy.conf

@@ -0,0 +1,39 @@
+# IPv6 address generation and privacy defaults.
+#
+# Most IPv6 networks use SLAAC (Stateless Address Autoconfiguration),
+# where the host generates its own IPv6 addresses based on the network
+# prefix advertised by the router.
+#
+# Two mechanisms influence how these addresses appear:
+#
+#   ipv6.addr-gen-mode
+#       Controls how the *stable* SLAAC address is generated.
+#
+#       stable-privacy:
+#           Generate a deterministic pseudorandom address derived from
+#           a kernel secret and the network prefix. This prevents the
+#           legacy EUI-64 mechanism from exposing the device's MAC
+#           address in the IPv6 address.
+#
+#   ipv6.ip6-privacy
+#       Enables RFC 4941 temporary IPv6 addresses. These are additional
+#       short-lived addresses that rotate periodically and are preferred
+#       for outbound connections to prevent remote tracking.
+#
+# With these settings a network interface will typically have:
+#
+#   - one stable pseudorandom IPv6 address
+#   - one or more temporary rotating addresses used for outbound traffic
+#
+# Note that temporary addresses do NOT replace the stable address. The
+# interface will still have one stable address used for inbound connections,
+# it will just use the temporary ones for outbound ones.
+#
+# Values for ipv6.ip6-privacy:
+#   0 = disable temporary addresses
+#   1 = enable but prefer the stable address
+#   2 = enable and prefer temporary addresses
+
+[connection]
+ipv6.addr-gen-mode=stable-privacy
+ipv6.ip6-privacy=2