Community discussions

MikroTik App
  4. RouterOS
  5. General

ALLOWING IPV6 TRAFFIC TO DEVICE WITH DYNAMIC IPV6 PREFIX BEHIND FIREWALL

Post Reply
 
ihipop
just joined
Topic Author
Posts: 7
Joined: Tue Oct 05, 2021 6:36 pm

ALLOWING IPV6 TRAFFIC TO DEVICE WITH DYNAMIC IPV6 PREFIX BEHIND FIREWALL

Tue Oct 05, 2021 7:22 pm

IP6TABLES https://linux.die.net/man/8/ip6tables allows specifying a mask when matching destination address
so we can use
Code: Select all
/ffff:ffff:ffff:ffff:0000:0000:0000:0000 
(equeal to /ffff:ffff:ffff:ffff::)


as the mask to represent
Code: Select all
/64
The pointer is,when I want to match the last 64 bit part ,I can use mask
Code: Select all
/0000:0000:0000:0000:ffff:ffff:ffff:ffff:
(equeal to /::ffff:ffff:ffff:ffff)
This is very useful when I have a dynamic IPV6 prefix and want my routeros to allow some device behind firewall to be visited by outside

I can do this easily with IP6TABLES
Code: Select all
ip6tables -I FORWARD -d ::aaaa:bbbb:cccc:dddd/::ffff:ffff:ffff:ffff -p tcp --dport 22 -j ACCEPT
I can't do it with routeros

Image


Feature support status :
[✓] Linux IP6TABLES (vanilla or not)
[✓] Vyos
[✓] OpenWrt
[x] Routeros
You do not have the required permissions to view the files attached to this post.
Top
 
ihipop
just joined
Topic Author
Posts: 7
Joined: Tue Oct 05, 2021 6:36 pm

Re: ALLOWING IPV6 TRAFFIC TO DEVICE WITH DYNAMIC IPV6 PREFIX BEHIND FIREWALL

Tue Oct 05, 2021 7:33 pm

Extended Reading : https://isolated.site/2019/03/26/allowi ... -firewall/
Top
Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot], Melodicc, wispmikrotik and 32 guests
  4. RouterOS
  5. General