Page 1 of 1

Block ICMPv6 Neighbor Advertisement packets on bridged EOIP interface

Posted: Mon May 28, 2018 4:36 pm
by atlanticd
Hi,

I would like to block ICMPv6 Neighbor Advertisement packets on a bridged EOIP interface. I configured the following bridge filter:
admin@hAPac^2] > /interface bridge filter print all 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=input action=drop in-interface=eoip-tunnel1 mac-protocol=ipv6 log=no log-prefix="" 
 
[admin@hAPac^2] > /interface bridge filter print stats 
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN                                                                                                                                                                                                                                     ACTION                 BYTES         PACKETS
 0   input                                                                                                                                                                                                                                     drop                   17808             234

I can see that the counter is growing.

However, when I make a Torch on that interface, I still see the packets.

How can I block that kind of traffic? ipv6 package is disabled.

Thank you.

Re: Block ICMPv6 Neighbor Advertisement packets on bridged EOIP interface  [SOLVED]

Posted: Tue May 29, 2018 1:45 am
by samsung172
you will se the packages comming in, in tourch, but firewall still blocking packages. You will se it in in interface, but not in the out interface.

Re: Block ICMPv6 Neighbor Advertisement packets on bridged EOIP interface

Posted: Wed May 30, 2018 10:20 am
by atlanticd
you will se the packages comming in, in tourch, but firewall still blocking packages. You will se it in in interface, but not in the out interface.
I see, understood. Thank you for your reply.