christopherANSA
just joined
Topic Author
Posts: 8
Joined: Fri Sep 22, 2017 5:58 pm

IPv6 firewalling

Sat Nov 04, 2017 6:56 pm

Hi All,

I am currently tunneling IPv6 traffic from my office back to my house. I have configured this basic firewall on my router:

/ipv6 firewall filter
add action=accept chain=input comment="Allow established connections" connection-state=established
add action=accept chain=input comment="Allow related connections" connection-state=related
add action=accept chain=input comment="Allow limited ICMP" limit=50/5s,5 protocol=icmpv6
add action=accept chain=input comment="Allow UDP" protocol=udp
add action=drop chain=input
add action=accept chain=forward comment="Allow established connections" connection-state=established
add action=accept chain=forward comment="Allow related connections" connection-state=related
add action=drop chain=forward disabled=yes

Is there any way I could improve on this, or add rules on my Win10 machine to prevent network intrusion?

Thanks in advance,
CH.
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: IPv6 firewalling

Tue Nov 07, 2017 2:36 am

You may want to look at explicitly allowing some ICMPv6 codes like "TOO BIG" in FORWARD just in case established/related doesn't pick it up to prevent fragmentation issues.
 
GaryGapinski
just joined
Posts: 2
Joined: Sat Oct 28, 2017 9:43 am
Location: USA

Re: IPv6 firewalling

Fri Nov 10, 2017 11:49 am

I'm unsure why any/all UDP is allowed in.

As idlemind mentioned, ICMPv6 could be a bit more discrete. https://tools.ietf.org/html/rfc4890 has details.
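
The points raised in the two replies can be checked mechanically against the ruleset from the first post. The following is an added example, not code from any poster in this thread; the function names `parse` and `audit` and the finding strings are hypothetical. It relies on RouterOS accepting any packet that reaches the end of a chain without matching a rule.

```python
import shlex

# Ruleset from the first post, copied verbatim.
RULES = '''/ipv6 firewall filter
add action=accept chain=input comment="Allow established connections" connection-state=established
add action=accept chain=input comment="Allow related connections" connection-state=related
add action=accept chain=input comment="Allow limited ICMP" limit=50/5s,5 protocol=icmpv6
add action=accept chain=input comment="Allow UDP" protocol=udp
add action=drop chain=input
add action=accept chain=forward comment="Allow established connections" connection-state=established
add action=accept chain=forward comment="Allow related connections" connection-state=related
add action=drop chain=forward disabled=yes
'''

# Properties that do not narrow which packets a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled"}

def parse(text):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps quoted comments as one token
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:]))
    return rules

def audit(rules):
    """Return findings for the points raised in the replies."""
    findings = []
    for chain in ("input", "forward"):
        # Disabled rules are never evaluated, so leave them out.
        active = [r for r in rules
                  if r["chain"] == chain and r.get("disabled") != "yes"]
        for r in active:
            # An accept whose only matcher is the protocol lets in every port.
            if r["action"] == "accept" and set(r) - NON_MATCHERS == {"protocol"}:
                findings.append(f"{chain}: accepts all {r['protocol']} traffic")
        # Without an unconditional drop, unmatched packets are accepted.
        if not any(r["action"] == "drop" and not set(r) - NON_MATCHERS for r in active):
            findings.append(f"{chain}: no active catch-all drop")
        # ICMPv6 (e.g. Packet Too Big) otherwise depends on connection tracking.
        if not any(r["action"] == "accept" and r.get("protocol") == "icmpv6" for r in active):
            findings.append(f"{chain}: no explicit ICMPv6 accept")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(RULES)):
        print(finding)
```

The forward-chain ICMPv6 finding only starts to matter once the forward drop rule is enabled, which is the situation idlemind's suggestion addresses.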