Community discussions

MikroTik App
 
tbuyvoets
just joined
Topic Author
Posts: 3
Joined: Wed Oct 06, 2021 12:59 pm

ipv6 firewall don't block ip advertising

Thu Oct 07, 2021 9:19 pm

Hi, I'm new to ipv6 and have it working until I set up some firewall rules. Then my devices don't get an ipv6 address.

I want to block all input to the router except a specific /64 network. Still ip advertising should work.

these are my firewall rules:

/ipv6 firewall filter
add action=accept chain=input comment="Allow from mgmt networks" src-address-list=mgmt
add action=accept chain=input comment="Allow established,related" connection-state=established,related
add action=accept chain=input comment="Accept DHCPv6-client prefix delegation" dst-port=546 protocol=udp \
src-address=fe80::/10
add action=drop chain=input comment="Default drop"
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward comment="Drop all from wan" in-interface=to-meterkast-router-pppoe

If I add this rule ip advertising is working. But I don't want to give all devices access to the router. So this rule should be altered so only advertising is allowed.
add action=accept chain=input src-address=fe80::/10

Is ip advertising working on a specific protocol or port?

Who is online

Users browsing this forum: Semrush [Bot] and 10 guests