basd
just joined
Topic Author
Posts: 6
Joined: Mon Sep 14, 2015 11:37 am

Ipv6 firewall

Mon Sep 14, 2015 11:46 am

Hi all, I am a newbie here.

I have a problem getting my IPv6 firewall to work correctly.

What I want is to allow some ports inbound for specific IP addresses, but nothing else.
And I want to let all inside IPv6 traffic go out, but it doesn't seem to work.

This is my IPv6 firewall config; can anyone help?

/ipv6 firewall filter
add action=drop chain=forward dst-port=53 in-interface=pppoe-out1 protocol=tcp
add chain=forward comment="allow web traffic to exchange" dst-address=2001:ffff:ffff:1:192:168:200:15/128 dst-port=80,443 protocol=tcp src-address=2001:ffff:ffff:2::/64
add chain=forward comment="allow icmp traffic to exchange" dst-address=2001:ffff:ffff:1:192:168:200:15/128 protocol=icmpv6 src-address=2001:ffff:ffff:2::/64
add action=drop chain=forward dst-address=2001:ffff:ffff:2::/64 src-address=2001:ffff:ffff:1::/64
add action=drop chain=forward dst-address=2001:ffff:ffff:1::/64 src-address=2001:ffff:ffff:2::/64
add chain=forward connection-state=established,related,new src-address=2001:ffff:ffff:1::/64
add chain=forward connection-state=established,related dst-address=2001:ffff:ffff:2::/64
add chain=input comment="Allow established connections" connection-state=established
add chain=input comment="Allow related connections" connection-state=related
add chain=input comment="Allow limited ICMP" limit=50/5s,5 protocol=icmpv6
add chain=input comment="Allow UDP" protocol=udp
add chain=forward comment="Allow any to internet" out-interface=pppoe-out1
add chain=forward comment="Allow established connections" connection-state=established,related,new
add chain=forward comment="Allow related connections" connection-state=related
add chain=forward comment="Alternative smtp port to exchange" dst-address=2001:ffff:ffff:1:192:168:200:15/128 dst-port=2526 protocol=tcp
add chain=forward comment="Allow web traffic to exchange server" dst-address=2001:ffff:ffff:1:192:168:200:15/128 dst-port=80,443 protocol=tcp
add chain=forward comment="Allow web traffic to wsus" dst-address=2001:ffff:ffff:1:192:168:200:15/128 dst-port=8530,8531 protocol=tcp
add action=drop chain=forward comment="Drop all other traffic"
add action=drop chain=input

With kind regards,

Bas van den Dikkenberg
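
An added example, not part of the original post: a small first-match model of the forward chain above, written in Python, that reports which rule decides a given packet. The interface name `bridge`, the `2001:db8::` source address and the sample packets are constructed; rule numbers are 0-based positions among the forward rules only, and matching is simplified to the fields those rules use.

```python
import ipaddress

EXCH = "2001:ffff:ffff:1:192:168:200:15"
NET1, NET2 = "2001:ffff:ffff:1::/64", "2001:ffff:ffff:2::/64"
FORWARD = [  # forward rules from the post, in order; a rule without action= accepts
    dict(action="drop", proto="tcp", ports={53}, in_if="pppoe-out1"),
    dict(src=NET2, dst=EXCH, proto="tcp", ports={80, 443}),
    dict(src=NET2, dst=EXCH, proto="icmpv6"),
    dict(action="drop", src=NET1, dst=NET2),
    dict(action="drop", src=NET2, dst=NET1),
    dict(src=NET1, states={"established", "related", "new"}),
    dict(dst=NET2, states={"established", "related"}),
    dict(out_if="pppoe-out1"),
    dict(states={"established", "related", "new"}),
    dict(states={"related"}),
    dict(dst=EXCH, proto="tcp", ports={2526}),
    dict(dst=EXCH, proto="tcp", ports={80, 443}),
    dict(dst=EXCH, proto="tcp", ports={8530, 8531}),
    dict(action="drop"),
]

def matches(rule, p):
    """True when every matcher present in the rule agrees with packet p."""
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(p[key]) not in ipaddress.ip_network(rule[key]):
            return False
    if any(k in rule and p[k] != rule[k] for k in ("proto", "in_if", "out_if")):
        return False
    if "ports" in rule and p["port"] not in rule["ports"]:
        return False
    return "states" not in rule or p["state"] in rule["states"]

def decide(p, chain=FORWARD):
    """Return (index, action) of the first matching rule; no match means accept."""
    for i, rule in enumerate(chain):
        if matches(rule, p):
            return i, rule.get("action", "accept")
    return None, "accept"

def make_pkt(src, dst, port, in_if, out_if, state="new", proto="tcp"):
    return dict(src=src, dst=dst, port=port, in_if=in_if, out_if=out_if, state=state, proto=proto)

SAMPLES = {  # constructed packets, not captured traffic
    "internet to inside host, tcp/3389": make_pkt("2001:db8::1", "2001:ffff:ffff:1::50", 3389, "pppoe-out1", "bridge"),
    "subnet 2 to exchange, tcp/443": make_pkt("2001:ffff:ffff:2::9", EXCH, 443, "bridge", "bridge"),
    "subnet 2 to exchange, tcp/25": make_pkt("2001:ffff:ffff:2::9", EXCH, 25, "bridge", "bridge"),
}
for name, p in SAMPLES.items():
    print(f"{name}: {decide(p)}")
```

In this model a new inbound connection to an inside host (other than TCP port 53) is accepted by rule 8, the unqualified `connection-state=established,related,new` rule, so the per-port rules and the final drop that follow it are only reached by packets in other connection states.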
