IPv6 Firewall rules - TL-R605 v1 1.1.1
Starting to play around with IPv6 and it all works so fare very well... although I'm curious if I can find somewhere in the controller settings to adjust/manage firewall rules for IPv6.
Currently ports and services are exposed to the Internet via IPv6, of course I can do host based firewalls, but preferably do it on the router for the whole LAN.
To decrease the attack surface, I currently disabled IPv6 and enable it only when I play around with it.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
They've withdrawn the FW due to some issues with OC. Instead they've released the 2.1.4 beta. However, as I use my er605 in standalone mode I am yet to encounter any issue. I hope they'll release a completely working FW soon. Till then you can try the 2.1.4 beta if you are interested. It contains the same updates which were published as 2.2.0
- Copy Link
- Report Inappropriate Content
Thanks for the info, I have found that Beta version and as I also use the router in stand-alone mode I could try it out.
Did you have to create some IPv6 ACL rules or did it hide all the ports by default?
I need to read more about IPv6 as I'm just an enthusiastic amateur but my understanding is that some ICMP ports should be open for IPv6 to work fully. Are you aware of this and does the Beta firmware do the job properly?
cheers
- Copy Link
- Report Inappropriate Content
No I had to create block rules to hide the ports.
If you host any server behind your network or need to access anything from outside then maybe ICMPv6 is required (I said maybe because even I too am new to IPv6). Otherwise I haven't seen any real requirement for it. All my clients can access IPv6 internet perfectly fine even without ICMPv6.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@gmaster Can you share the ACL rules that you had to apply for ipv6, please?
Perhaps a screenshot of your ACL section would help to get started.
Thanks!
- Copy Link
- Report Inappropriate Content
@gmaster can you confim ipv6 is working on er605 standalone mode. Did it pass the tests run on https://ipv6-test.com/ ?? I enabled ipv6, am getting an ip assigned by isp, but ipv6 test fails. Also confirmed with ISP that the traffic on v6 is not flowing through via er605. Alternatively, i tested ipv6 with google nest wifi directly connecting to isp, all tests pass and isp confirmed traffic flows through. So was just curious if you have completed the assertion process. I did all this without touching the ACLs.
- Copy Link
- Report Inappropriate Content
also looking for this.
- Copy Link
- Report Inappropriate Content
@lezz it's a basic allow and block rule, nothing extraordinary
- Copy Link
- Report Inappropriate Content
@vnan1829 yes ipv6 is working perfectly so far. I have two ISPs in load balancing setup. Getting ipv6 from both ISPs. All my ipv6 enabled LAN clients are also accessing ipv6 sites nicely. However, some ipv6 test sites (like the one you mentioned) are showing false negatives sometimes, refreshing and re-testing solves the issue. Google ipv6 test is always positive.
- Copy Link
- Report Inappropriate Content
@gmaster - what is your router hardware and version? Just curious, so I know which router I'm going to order as replacement.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 29
Views: 20601
Replies: 84