IPv6 firewall features

sergejs · July 16, 2008, 1:21pm

As you probably know IPv6 is slowly coming with all the new features and options. So it might be good time to look at things that are missing.

This time we would like to know what do you need in IPv6 firewall (filter,mangle) - What matchers? What actions? What IPv6 options?

omega-00 · July 29, 2008, 11:53am

Will IPv6 DHCP be available soon as well?

address-lists are useful currently, would be nice to have IPv6 address lists supported.

Also interested on how well the hotspot will cope with IPv6, assuming there is some upgrades required to the inbuilt DNS server to make it work with IPv6

Perhaps a mikrotik rep would care to put up a guide as to how to run a dual-stacked hotspot when the time comes?

gustkiller · July 29, 2008, 12:10pm

…and a dual stack operation how to.

ipv6 simple queues
NAT-PT ( for make backwards compatibility with ipv4 destinations in a ipv6only network)

omega-00 · July 30, 2008, 6:24am

http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars - Article on IPv6 Firewalling (Interesting read)

Elvaelf · August 3, 2008, 8:13am

Just mikrotik v3.x support IPV6?

normis · August 4, 2008, 8:33am

yes

andrewluck · August 4, 2008, 5:21pm

I’ll second the request for address lists.

Kind regards

Andrew

foobaz · August 21, 2008, 11:29pm

I’d like IPV6 DHCP and DNS.

roadrunner · August 26, 2008, 6:47am

IPv6 ND (Neighbor Discovery) can be used instead of IPv6 DHCP

omega-00 · August 26, 2008, 7:47am

With IPv6 DHCP is mostly used to distribute additional information, such as DNS server addresses, although there will be a way to do this through router advertisements as well soon which may remove the need for it in some more locations.

roadrunner · August 26, 2008, 9:28am

I keep on forgetting that ND does just the basic addressing and that DHCP is still used for a lot of the rest of the informantion.

roadrunner · August 26, 2008, 9:49am

IPv6 firewall features:

shortcut to match link local addresses easily
optionally match items within a 6to4 tunnel so those packets don’t bypass firewall rules.
add address-lists like the ipv4 firewall has.

Other IPv6 features:

6to4 relay and Miredo/Teredo service
Enable IPv6 for every service in RouterOS: hotspot, winbox, Dude, Userman, etc.
PPPoE able to assign and route dynamic /64 blocks (out of a larger block) to PPPoE users.

omega-00 · August 29, 2008, 3:24am

+1 to the following:

Enable IPv6 for every service in RouterOS: hotspot, winbox, Dude, Userman, etc.
6to4 relay and Miredo/Teredo service

cmartin · August 30, 2008, 5:46pm

I would like to join with:
radvd (router advertising) functionality, which can simplify workstations configuration strongly.

sergejs · September 1, 2008, 12:13pm

Address-list feature for IPv6 will be added in the next version.

As well there will be the following options,

*) hop-limit matcher;
*) hop-limit action;
*) icmpv6 matcher;
*) ipv6 extension header matcher.