diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 3074382db..6d973723c 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -42,6 +42,8 @@ New user-visible features
 - (internet) Ipv6 routing protocols must now *not* forward packets to upper layers
   unless for extremey specific cases. The Ipv6L3protocol handles almost all the
   packets directed to the host.
+- (internet) Ipv6 can now reject packets directed to an address not configured on 
+  the interface they are received from (Strong End System Model, RFC 1222).
 
 Bugs fixed
 ----------
@@ -64,6 +66,7 @@ Bugs fixed
 - Bug 2208 - Interface index based L4 protocols
 - Bug 2211 - Ipv{4,6}EndPoint can cause memory corruption
 - Bug 2219 - SixLowPanNetDevice hangs trying to decode a IPv6 Fragment extension header
+- Bug 2233 - Implement RFC 1222 - Strong End System Model
 - Bug 2238 - Ipv6 routing reorganization
 
 Known issues
diff --git a/src/internet/model/ipv6-l3-protocol.cc b/src/internet/model/ipv6-l3-protocol.cc
index 57f5ac871..3867cdb35 100644
--- a/src/internet/model/ipv6-l3-protocol.cc
+++ b/src/internet/model/ipv6-l3-protocol.cc
@@ -84,6 +84,11 @@ TypeId Ipv6L3Protocol::GetTypeId ()
                    MakeBooleanAccessor (&Ipv6L3Protocol::SetSendIcmpv6Redirect,
                                         &Ipv6L3Protocol::GetSendIcmpv6Redirect),
                    MakeBooleanChecker ())
+    .AddAttribute ("StrongEndSystemModel",
+                   "Reject packets for an address not configured on the interface they're coming from (RFC1222).",
+                   BooleanValue (true),
+                   MakeBooleanAccessor (&Ipv6L3Protocol::m_strongEndSystemModel),
+                   MakeBooleanChecker ())
     .AddTraceSource ("Tx",
                      "Send IPv6 packet to outgoing interface.",
                      MakeTraceSourceAccessor (&Ipv6L3Protocol::m_txTrace),
@@ -1010,12 +1015,6 @@ void Ipv6L3Protocol::Receive (Ptr<NetDevice> device, Ptr<const Packet> p, uint16
       return;
     }
 
-  /// \todo  Configurable option to enable \RFC{1222} Strong End System Model
-  // Right now, we will be permissive and allow a source to send us
-  // a packet to one of our other interface addresses; that is, the
-  // destination unicast address does not match one of the iif addresses,
-  // but we check our other interfaces.  This could be an option
-  // (to remove the outer loop immediately below and just check iif).
   for (uint32_t j = 0; j < GetNInterfaces (); j++)
     {
       for (uint32_t i = 0; i < GetNAddresses (j); i++)
@@ -1024,15 +1023,20 @@ void Ipv6L3Protocol::Receive (Ptr<NetDevice> device, Ptr<const Packet> p, uint16
           Ipv6Address addr = iaddr.GetAddress ();
           if (addr.IsEqual (hdr.GetDestinationAddress ()))
             {
+              bool rightInterface = false;
               if (j == interface)
                 {
                   NS_LOG_LOGIC ("For me (destination " << addr << " match)");
+                  rightInterface = true;
                 }
               else
                 {
                   NS_LOG_LOGIC ("For me (destination " << addr << " match) on another interface " << hdr.GetDestinationAddress ());
                 }
-              LocalDeliver (packet, hdr, interface);
+              if (rightInterface || !m_strongEndSystemModel)
+                {
+                  LocalDeliver (packet, hdr, interface);
+                }
               return;
             }
           NS_LOG_LOGIC ("Address " << addr << " not a match");
diff --git a/src/internet/model/ipv6-l3-protocol.h b/src/internet/model/ipv6-l3-protocol.h
index eb50a6e34..dabb3c89b 100644
--- a/src/internet/model/ipv6-l3-protocol.h
+++ b/src/internet/model/ipv6-l3-protocol.h
@@ -694,6 +694,11 @@ private:
    */
   uint8_t m_defaultTclass;
 
+  /**
+   * \brief Rejects packets directed to an interface with wrong address (\RFC{1222}).
+   */
+  bool m_strongEndSystemModel;
+
   /**
    * \brief Routing protocol.
    */