IPv6 firewalling

Posted: Sat Nov 04, 2017 6:56 pm
by christopherANSA
Hi All,

I am currently tunneling IPv6 traffic from my office back to my house. I have configured this basic firewall on my router:

/ipv6 firewall filter
add action=accept chain=input comment="Allow established connections" connection-state=established
add action=accept chain=input comment="Allow related connections" connection-state=related
add action=accept chain=input comment="Allow limited ICMP" limit=50/5s,5 protocol=icmpv6
add action=accept chain=input comment="Allow UDP" protocol=udp
add action=drop chain=input
add action=accept chain=forward comment="Allow established connections" connection-state=established
add action=accept chain=forward comment="Allow related connections" connection-state=related
add action=drop chain=forward disabled=yes

Is there any way in which I could improve on this, or add rules on my Win10 machine to prevent network intrusion?

Thanks in advance,
CH.

Re: IPv6 firewalling

Posted: Tue Nov 07, 2017 2:36 am
by idlemind
You may want to look at explicitly allowing some ICMPv6 codes like "TOO BIG" in FORWARD just in case established/related doesn't pick it up to prevent fragmentation issues.

Re: IPv6 firewalling

Posted: Fri Nov 10, 2017 11:49 am
by GaryGapinski
I'm unsure why any/all UDP is allowed in.

As idlemind mentioned, ICMPv6 could be a bit more discrete. https://tools.ietf.org/html/rfc4890 has details.
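
The explicit ICMPv6 handling suggested in the two replies above, as an added example that is not from any poster in this thread: RouterOS forward-chain rules for the ICMPv6 messages RFC 4890 lists as traffic that must not be dropped in transit. The comments and the choice to match code ranges with `icmp-options` are assumptions made for this example.

```routeros
/ipv6 firewall filter
# Added example. The type:code values follow RFC 4890's list of ICMPv6
# messages that must not be dropped in transit.
add action=accept chain=forward comment="ICMPv6 destination unreachable (type 1, all codes)" protocol=icmpv6 icmp-options=1:0-255
add action=accept chain=forward comment="ICMPv6 packet too big (type 2)" protocol=icmpv6 icmp-options=2:0
add action=accept chain=forward comment="ICMPv6 time exceeded (type 3, code 0)" protocol=icmpv6 icmp-options=3:0
add action=accept chain=forward comment="ICMPv6 parameter problem (type 4, codes 1-2)" protocol=icmpv6 icmp-options=4:1-2
add action=accept chain=forward comment="ICMPv6 echo request (type 128)" protocol=icmpv6 icmp-options=128:0
add action=accept chain=forward comment="ICMPv6 echo reply (type 129)" protocol=icmpv6 icmp-options=129:0
```

`add` appends to the end of the chain, so these rules have to sit above the final `drop` in `forward` to take effect. In the posted configuration that drop rule is `disabled=yes`, so the forward chain currently accepts anything the earlier rules do not match.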