IPv6 forwarding traffic being dropped by input rule

RouterOS General
1

I’m getting IPv6 setup on our network and it is mostly going well.

For example, I can ping ipv6.google.com from my laptop just fine. However, when I add the following rule on the router the traffic is dropped:

chain=input action=drop src-address=!xxxx:xxxx:a180::/41

Where

xxxx:xxxx:a180::/41

is our entire IPv6 block.

However, I would totally expect this rule to not effect any traffic being forwarded through the router (because it is on the input chain, not the forward chain).

Is this some quirk of IPv6 I am not aware of? Anyone know what would cause a router (rb4011, 6.47.10) to apply the input chain to forward traffic?

I’m not that new to this, but I’m new enough that there are probably still some holes in my knowledge.

2

I’m pretty sure I’ve just figured it out. That firewall rule will be dropping anything on the fe80:: link-local addresses, as well as dropping ospf-v3 traffic.

This also explains why it takes a few seconds for the packets to start dropping, as it takes a few seconds for OSPF to drop all its routes.

3

Rethink on first post, how someone know you use OSPF without post the export of the configuration?

With one Palantír?

I’m happy you solve, but next time think how make questions…
Thanks.