This shows you the differences between two versions of the page.
edgerouter:ipv6-no-unsolicit [2015/04/27 20:51] – created brielle | edgerouter:ipv6-no-unsolicit [2015/04/27 21:31] – brielle | ||
---|---|---|---|
Line 2: | Line 2: | ||
One of the biggest issues with enabling IPv6, is that it has the potential to expose client machines to malicious traffic. | One of the biggest issues with enabling IPv6, is that it has the potential to expose client machines to malicious traffic. | ||
- | |||
- | set firewall group ipv6-address-group LAN-IPv6 description 'LAN IPv6 Addresses' | ||
- | set firewall group ipv6-address-group LAN-IPv6 ipv6-network ' | ||
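Review bot: Deleting the `LAN-IPv6` address-group definition in this hunk removes the only place where the page told the reader that the rules were scoped to the LAN prefix, and the revision has no edit summary saying why. Add a sentence after the introductory paragraph stating that the rulesets now match on connection state only and depend on the interface binding for scope, so a reader who copied the earlier revision knows the group and every rule that references it must be deleted together.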
Line 11: | Line 8: | ||
set firewall ipv6-name Internet-To-LAN rule 1 action accept | set firewall ipv6-name Internet-To-LAN rule 1 action accept | ||
set firewall ipv6-name Internet-To-LAN rule 1 description 'Drop Incoming IPv6 unless related' | set firewall ipv6-name Internet-To-LAN rule 1 description 'Drop Incoming IPv6 unless related' | ||
- | set firewall ipv6-name Internet-To-LAN rule 1 destination group ipv6-address-group LAN-IPv6 | ||
- | set firewall ipv6-name Internet-To-LAN rule 1 log disable | ||
- | set firewall ipv6-name Internet-To-LAN rule 1 protocol all | ||
set firewall ipv6-name Internet-To-LAN rule 1 state established enable | set firewall ipv6-name Internet-To-LAN rule 1 state established enable | ||
- | set firewall ipv6-name Internet-To-LAN rule 1 state invalid disable | ||
- | set firewall ipv6-name Internet-To-LAN rule 1 state new disable | ||
set firewall ipv6-name Internet-To-LAN rule 1 state related enable | set firewall ipv6-name Internet-To-LAN rule 1 state related enable | ||
+ | set firewall ipv6-name Internet-To-LAN rule 2 action drop | ||
+ | set firewall ipv6-name Internet-To-LAN rule 2 state invalid enable | ||
- | set firewall ipv6-name LAN-To-Internet default-action drop | + | set firewall ipv6-name LAN-To-Internet default-action accept |
- | set firewall ipv6-name LAN-To-Internet description 'LAN to Internet' | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 action accept | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 description 'Allow all ipv6 out' | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 log disable | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 protocol all | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 source group ipv6-address-group LAN-IPv6 | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 state established enable | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 state invalid disable | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 state new enable | + | |
- | set firewall ipv6-name LAN-To-Internet rule 1 state related enable | + | |
# Bind LAN-To-Internet rule to LAN interface ' | # Bind LAN-To-Internet rule to LAN interface ' |
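Review bot: Changing `LAN-To-Internet default-action` from `drop` to `accept` while deleting rule 1 removes the only source restriction on outbound traffic. The old rule accepted only packets sourced from the `LAN-IPv6` group and did not match invalid state, whereas the new default accepts any source address in any state. If the simplification is intended, keep the `description 'LAN to Internet'` line and add an outbound rule that drops `state invalid`, mirroring the new Internet-To-LAN rule 2. Separately, Internet-To-LAN rule 1 is still described as 'Drop Incoming IPv6 unless related' although its action is `accept`; a description such as 'Allow established/related' would match what the rule does. The drop of unsolicited inbound traffic depends on that ruleset's default-action, which none of these lines set, so it is worth showing it explicitly.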