ER7212PC ipv6 firewall

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER7212PC ipv6 firewall

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER7212PC ipv6 firewall
ER7212PC ipv6 firewall
2024-02-02 18:51:01
Tags: #IPv6 #Gateway ACL #firewall
Model: ER7212PC  
Hardware Version: V1
Firmware Version: ER7212PC(UN)_V1_1.1.0 Build 20230803

Hi There, i bought a ER7212PC router for using ipv6 from my provider,
the uplink works great, in bridge mode for ipv6.
As my ipv6 devices on my local network are now accessible from the internet, i would like to use the ipv6 firewall on the ER7212PC to block Ports, ex: 80, etc
but i am unable to create a ipv6 group port, under the profile section.
how can i block all ports on ipv6 from WAN to LAN, and leave one open: ex 80 ?
is this a feature the ER7212PC has ? thx

  0      
  0      
#1
Options
4 Reply
Re:ER7212PC ipv6 firewall
2024-04-18 11:16:02 - last edited 2024-04-18 11:30:49

  @stephK I want to take the same step and enable IPv6 on my ER7212PC - did you end up making any additional configuration before turning on IPv6 in your Omada router? 

 

Before I saw this question I assumed that the router would have a default-deny firewall in place for IPv6 traffic, but I've understood your question to mean that is not the case. And, if that's not the case is anyone here able to clarify for me if it is safe and sensible for me to click "Enable" box for IPv6? 

 

My ISP provides a static /56 network prefix for IPv6 but has me stuck behind CG-NAT for IPv4 - I want to learn to get comfortable with IPv6 by using it - are there any good small LAN examples to follow anywhere? (Ideally based on setting up Omada kit with IPv6). From a little reading of recent release notes it seems that IPv6 is better supported now than it has been in the past. (I'm currently on the 1.1.2 firmware for the router, which includes Omada Controller version 5.8.38)

  0  
  0  
#2
Options
Re:ER7212PC ipv6 firewall
2024-04-18 12:07:28

  @RockPaper Hi, i didnt find any solution or documentation to block port on ipv6 (profile, policies, etc) on the router.
i found out the easiest solution is to buy a cheap fanless pfsense small computer with 2.5g Lan outputs, and plug it ahead...

  1  
  1  
#3
Options
Re:ER7212PC ipv6 firewall
2024-04-18 13:34:21

  @stephK thx - I guess that's an easy way forward. Or I could just sit and wait.

 

I can see that there is still currently no way to use IPv6 IP groups in the firewall ACL rules page. I've seen other posts here stating that for IPv4 there is an invisible default deny rule, and if the same was the case for IPv6 then it would at least be safe for me to enable IPv6 even if I couldn't host anything behind the router.

 

Did you prove to yourself that the IPv6 routing is default allow?

  0  
  0  
#4
Options
Re:ER7212PC ipv6 firewall
2024-04-18 14:09:21
IPV6 is default allow, all devices on the router are reachable from outside by their IPV6 address, thats all the purpose of IPV6, no more NAT, quite risky without a firewall IPV6
  1  
  1  
#5
Options