Firewall requirements for functional IPv6

From Mann Systems

The rules below are written in pf rule syntax.

WAN interface

Outbound Router Solicitation

pass out quick on wan0 inet6 proto ipv6-icmp from fe80::/10 to ff02::2/16 icmp6-type routersol
pass out quick on wan0 inet6 proto ipv6-icmp from     ::    to ff02::2/16 icmp6-type routersol

Inbound Router Advertisement

pass in quick on wan0 inet6 proto ipv6-icmp from fe80::/10 to ff02::1/16 icmp6-type routeradv
pass in quick on wan0 inet6 proto ipv6-icmp from fe80::/10 to (wan0) icmp6-type routeradv

Bidirectional Neighbour Solicitation

pass quick on wan0 inet6 proto ipv6-icmp from any to any icmp6-type neighbrsol

Bidirectional Neighbour Advertisement

pass quick on wan0 inet6 proto ipv6-icmp from any to any icmp6-type neighbradv
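
A coverage check for the WAN rules above, added here as an example and not part of the original page: it reports which of the listed ICMPv6 message/direction pairs no pass rule on an interface allows. The function names and the sample ruleset are constructed for illustration; the parser assumes the simple one-line rule form used on this page and does not evaluate block rules or rule order.

```python
# Added example: lint a pf ruleset for the WAN ICMPv6 coverage listed above.
# REQUIRED mirrors the page's WAN section; parse_rule/missing_coverage are
# hypothetical helper names, not part of pf or pfctl.

REQUIRED = {
    ("out", "routersol"),
    ("in", "routeradv"),
    ("in", "neighbrsol"), ("out", "neighbrsol"),
    ("in", "neighbradv"), ("out", "neighbradv"),
}

def parse_rule(line):
    """Return (directions, interface, icmp6_type), or None if not an inet6 ICMPv6 pass rule."""
    tok = line.split("#", 1)[0].split()          # drop trailing comments
    if len(tok) < 2 or tok[0] != "pass" or "inet6" not in tok or "icmp6-type" not in tok:
        return None
    # No explicit direction means the rule matches both in and out.
    dirs = {tok[1]} if tok[1] in ("in", "out") else {"in", "out"}

    def after(word):
        i = tok.index(word) if word in tok else -1
        return tok[i + 1] if 0 <= i < len(tok) - 1 else None

    return dirs, after("on"), after("icmp6-type")

def missing_coverage(ruleset, iface):
    """Return the sorted (direction, type) pairs from REQUIRED that no rule passes on iface."""
    covered = set()
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        # A rule without "on" applies to every interface.
        if rule and rule[1] in (iface, None) and rule[2]:
            covered |= {(d, rule[2]) for d in rule[0]}
    return sorted(REQUIRED - covered)

# Constructed sample: the page's WAN rules with the inbound RA rules left out.
SAMPLE = """\
pass out quick on wan0 inet6 proto ipv6-icmp from fe80::/10 to ff02::2/16 icmp6-type routersol
pass quick on wan0 inet6 proto ipv6-icmp from any to any icmp6-type neighbrsol
pass quick on wan0 inet6 proto ipv6-icmp from any to any icmp6-type neighbradv
"""

if __name__ == "__main__":
    for direction, kind in missing_coverage(SAMPLE, "wan0"):
        print(f"wan0: no rule passes {direction} {kind}")
```
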

LAN

Router Advertisement

Pass out on the LAN interface from a link-local address to the link-local-scope all-nodes multicast group

pass out quick on lan0 inet6 proto ipv6-icmp from fe80::/10 to ff02::1/16 icmp6-type routeradv

Pass out on the LAN interface from a link-local address to any

pass out quick on lan0 inet6 proto ipv6-icmp from fe80::/10 to any icmp6-type routeradv

Neighbour Solicitation

Pass out on LAN interface

pass out quick inet6 proto ipv6-icmp from (lan0) to any icmp6-type neighbrsol
pass out quick inet6 proto ipv6-icmp from :: to any icmp6-type neighbrsol

Neighbour Advertisement