Community discussions

 
atlanticd
newbie
Topic Author
Posts: 29
Joined: Thu Jun 11, 2015 6:42 pm

Block ICMPv6 Neighbor Advertisement packets on bridged EOIP interface

Mon May 28, 2018 4:36 pm

Hi,

I would like to block ICMPv6 Neighbor Advertisement packets on a bridged EOIP interface. I configured the following bridge filter:
admin@hAPac^2] > /interface bridge filter print all 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=input action=drop in-interface=eoip-tunnel1 mac-protocol=ipv6 log=no log-prefix="" 
 
[admin@hAPac^2] > /interface bridge filter print stats 
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                                                                                                                                                                                                                                     ACTION                 BYTES         PACKETS
 0   input                                                                                                                                                                                                                                     drop                   17808             234

I can see that the counter is growing.

However, when I make a Torch on that interface, I still see the packets.

How can I block that kind of traffic? ipv6 package is disabled.

Thank you.
 
samsung172
Forum Guru
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: Block ICMPv6 Neighbor Advertisement packets on bridged EOIP interface  [SOLVED]

Tue May 29, 2018 1:45 am

you will se the packages comming in, in tourch, but firewall still blocking packages. You will se it in in interface, but not in the out interface.
 
atlanticd
newbie
Topic Author
Posts: 29
Joined: Thu Jun 11, 2015 6:42 pm

Re: Block ICMPv6 Neighbor Advertisement packets on bridged EOIP interface

Wed May 30, 2018 10:20 am

you will se the packages comming in, in tourch, but firewall still blocking packages. You will se it in in interface, but not in the out interface.
I see, understood. Thank you for your reply.

Who is online

Users browsing this forum: Google [Bot] and 128 guests