Community discussions

MikroTik App
 
sergeygals
just joined
Topic Author
Posts: 4
Joined: Tue Jan 28, 2020 5:00 pm

IPv6 firewall reject rules are not working

Thu Feb 18, 2021 9:34 am

v7.1beta4 on 962UiGS-5HacT2HnT
[admin@MikroTik-router] /ipv6/firewall/filter> print
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=forward action=reject reject-with=icmp-port-unreachable protocol=tcp 
      dst-address=2a02:790:1:d::100:166/128 dst-port=443 log=yes log-prefix="" 

╰─➤ curl --connect-timeout 10 -v https://\[2a02:790:1:d::100:166\]:443
*   Trying 2a02:790:1:d::100:166:443...
* Connection timed out after 10001 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 10001 milliseconds

# tcpdump -ni br10 host 2a02:790:1:d::100:166 or icmp or icmp6
dropped privs to pcap
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br10, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:24:53.574398 IP6 2a02:2698:XXX.39234 > 2a02:790:1:d::100:166.443: Flags [S], seq 3080098214, win 64800, options [mss 1440,sackOK,TS val 1055333772 ecr 0,nop,wscale 7], length 0
11:24:54.616955 IP6 2a02:2698::XXX.39234 > 2a02:790:1:d::100:166.443: Flags [S], seq 3080098214, win 64800, options [mss 1440,sackOK,TS val 1055334815 ecr 0,nop,wscale 7], length 0
11:24:56.665476 IP6 2a02:2698::XXX.39234 > 2a02:790:1:d::100:166.443: Flags [S], seq 3080098214, win 64800, options [mss 1440,sackOK,TS val 1055336863 ecr 0,nop,wscale 7], length 0
11:25:00.697470 IP6 2a02:2698::XXX.39234 > 2a02:790:1:d::100:166.443: Flags [S], seq 3080098214, win 64800, options [mss 1440,sackOK,TS val 1055340895 ecr 0,nop,wscale 7], length 0

Who is online

Users browsing this forum: DigitalOcean [Bot] and 32 guests