Hi,
I have an RB192 connected to SIXXS using a 6-4 tunnel. This is working fine. But now I want to protect the clients on my LAN from being connected to from the big IPv6 world.
However, all that I'm trying isn't helping.
[admin@mt2] /ipv6 firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Allow ping from SIXXS interface
     chain=input action=log protocol=icmpv6 in-interface=6to4-sixxs log-prefix="ipv6-icmp"
 1   chain=input action=accept protocol=icmpv6 in-interface=6to4-sixxs
 2   ;;; Allow access from our local network. Edit this!
     chain=input action=accept src-address=2001:masked-ip::/48
 3   ;;; Log and drop everything else
     chain=input action=log log-prefix=""
 4   chain=input action=drop
 5   ;;; Accept ping to all nodes on the network
     chain=forward action=accept protocol=icmpv6
 6 X ;;; Allow Established Connections
     chain=forward action=accept connection-state=established
 7   ;;; Allow Related Connections
     chain=forward action=accept connection-state=related
 8   ;;; Drop Invalid Connections
     chain=forward action=drop connection-state=invalid
 9   chain=forward action=drop protocol=tcp dst-address=2001:masked-ip::/48 dst-port=22
10   chain=forward action=drop protocol=tcp dst-address=2001:masked-ip::/48 dst-port=5900
11 X chain=forward action=log log-prefix=""
[admin@mt] /ipv6 firewall filter>
I want to permit all outbound connections from the laptops behind the MikroTik, but I want to deny all incoming connections from the SIXXS network. When I use connection-state=established, all connections seem to be marked as established, so my notebook is fully open. (That's why I added rules 9 and 10, just to protect the notebook until I have a solution.) Another machine on the network is protected by shorewall6, but I want the MikroTik to do this task.
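
An added illustration, not part of the original post: a simplified Python model of first-match rule evaluation, run over the forward-chain rules printed above and over a constructed variant that enables rule 6 and ends with a drop on in-interface=6to4-sixxs. It assumes RouterOS accepts a packet that matches no rule in a chain; the sample packets, the `lan` interface name and the `to_lan` field (standing in for the masked /48) are constructed.

```python
# Simplified model of RouterOS first-match filtering on the forward chain.
# Assumption: a packet that matches no enabled rule is accepted.

def rule(action, disabled=False, **match):
    return {"action": action, "disabled": disabled, "match": match}

# Forward-chain rules 5-11 as printed above; to_lan stands in for
# dst-address=2001:masked-ip::/48.
POSTED = [
    rule("accept", protocol="icmpv6"),                         # 5
    rule("accept", disabled=True, state="established"),        # 6 (X)
    rule("accept", state="related"),                           # 7
    rule("drop", state="invalid"),                             # 8
    rule("drop", protocol="tcp", to_lan=True, dst_port=22),    # 9
    rule("drop", protocol="tcp", to_lan=True, dst_port=5900),  # 10
    rule("log", disabled=True),                                # 11 (X)
]

# Constructed variant: rule 6 enabled, final drop for the tunnel interface.
HARDENED = [
    rule("accept", protocol="icmpv6"),
    rule("accept", state="established"),
    rule("accept", state="related"),
    rule("drop", state="invalid"),
    rule("drop", in_interface="6to4-sixxs"),
]

def evaluate(rules, packet):
    for r in rules:
        if r["disabled"]:
            continue
        if all(packet.get(k) == v for k, v in r["match"].items()):
            if r["action"] in ("accept", "drop"):
                return r["action"]  # terminating action: stop here
            # "log" is non-terminating, so evaluation continues
    return "accept"  # end of chain reached without a verdict

def pkt(state, iface, to_lan, port):
    return dict(protocol="tcp", state=state, in_interface=iface,
                to_lan=to_lan, dst_port=port)

# Constructed sample packets ("lan" is a hypothetical interface name).
PACKETS = {
    "inbound new tcp/80": pkt("new", "6to4-sixxs", True, 80),
    "inbound new tcp/22": pkt("new", "6to4-sixxs", True, 22),
    "inbound reply": pkt("established", "6to4-sixxs", True, 50000),
    "outbound new tcp/443": pkt("new", "lan", False, 443),
}

def verdicts(rules):
    return {name: evaluate(rules, p) for name, p in PACKETS.items()}
```

In this model the posted rules accept a new inbound connection to any port other than 22 and 5900 because nothing in the forward chain matches it, while the variant drops it and still passes replies and outbound traffic.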