Hi,
I'm running firewalld in a router that connects the devices in my home LAN to internet.
I have recently added IPv6 DHCPv6 config to the router, and prefix delegation works, so
the devices in my home LAN get proper IPv6 addresses.
However, I don't like the idea that all IPv6 enabled devices in my home LAN have public
IPv6 addresses. I'd very much prefer simple IPv4 -style NAT approach to protect the
devices in home LAN from being accessed from the internet.
How do I implement something like this with firewalld in the router?
wanif=eth0
lanif=eth1
ip6tables -A FORWARD -m state --state NEW -i $lanif -o $wanif -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P FORWARD DROP
Other ways to protect the devices in my home LAN being accessed from the internet?
-Paavo
Hi,
any help with this will be highly appreciated.
Now I have IPv6 disabled in my home network.
-Paavo
From: Paavo Leinonen paavo@leinonen.fi Sent: torstai 25. toukokuuta 2017 12.44 To: firewalld-users@lists.fedorahosted.org Subject: Firewalld & IPv6
Hi,
I'm running firewalld in a router that connects the devices in my home LAN to internet.
I have recently added IPv6 DHCPv6 config to the router, and prefix delegation works, so
the devices in my home LAN get proper IPv6 addresses.
However, I don't like the idea that all IPv6 enabled devices in my home LAN have public
IPv6 addresses. I'd very much prefer simple IPv4 -style NAT approach to protect the
devices in home LAN from being accessed from the internet.
How do I implement something like this with firewalld in the router?
wanif=eth0
lanif=eth1
ip6tables -A FORWARD -m state --state NEW -i $lanif -o $wanif -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P FORWARD DROP
Other ways to protect the devices in my home LAN being accessed from the internet?
-Paavo
On Sat, Jun 02, 2018 at 08:05:30AM +0300, Paavo Leinonen wrote:
Hi,
any help with this will be highly appreciated.
Now I have IPv6 disabled in my home network.
-Paavo
From: Paavo Leinonen paavo@leinonen.fi Sent: torstai 25. toukokuuta 2017 12.44 To: firewalld-users@lists.fedorahosted.org Subject: Firewalld & IPv6
Hi,
I'm running firewalld in a router that connects the devices in my home LAN to internet.
I have recently added IPv6 DHCPv6 config to the router, and prefix delegation works, so
the devices in my home LAN get proper IPv6 addresses.
However, I don't like the idea that all IPv6 enabled devices in my home LAN have public
IPv6 addresses. I'd very much prefer simple IPv4 -style NAT approach to protect the
devices in home LAN from being accessed from the internet.
Since v0.4.4.6, using --add-masquerade enables IPv6 masquerade as well. Not sure if that's what you're asking for.
How do I implement something like this with firewalld in the router?
wanif=eth0
lanif=eth1
ip6tables -A FORWARD -m state --state NEW -i $lanif -o $wanif -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P FORWARD DROP
Other ways to protect the devices in my home LAN being accessed from the internet?
FORWARD filtering is currently not implemented. See issue #2.
firewalld-users@lists.fedorahosted.org