Community discussions

MikroTik App
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

IPv6 Address List in filter condition

Tue Mar 26, 2019 1:40 pm

I'm trying to create an IPv6 firewall rule list into a router, and found some strange thing in the input chain:

Input:
/ipv6 firewall address-list add address=2001:db8:4::/48 list="Allowed Management V6"
/ipv6 firewall filter add action=accept chain=input comment="Allow Management From AddressList" dst-port=8291,22 protocol=tcp src-address-list="Allowed Management V6"
This is not working (winbox and SSH timeouts), when accessing from: 2001:db8:4:112:20b1:b29c:59a0:1639.



/ipv6 firewall filter add action=accept chain=input comment="Allow Management From XY" dst-port=8291,22 protocol=tcp src-address=2001:db8:4::/48
This is working, when accessing from the same address, as above.



Forward:
/ipv6 firewall address-list add address=2001:db8:4::/48 list="Allowed Management V6"
/ipv6 firewall filter add action=accept chain=forward comment="ALLOW From AddressList" src-address-list="Allowed Management V6"
Applying this rules, I can access devices behind the router, so in the forward chain the AddressList is working.

What do I miss to configure in the input chain?

PS: Yes I know those are not real IPv6 adresses, I used them for privacy :-)
 
Sob
Forum Guru
Forum Guru
Posts: 6253
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 Address List in filter condition

Tue Mar 26, 2019 11:09 pm

No such problem here, address list works in input, tested with 6.44.1.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.

Who is online

Users browsing this forum: ath, Baidu [Spider], expo, Google [Bot], jeanparadis and 180 guests