What do I need to allow for traceroute to an IPv6 address in my LAN to get past my firewall?
Current INPUT rules:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT ipv6-crypt vlan2 any anywhere anywhere 0 0 ACCEPT ipv6-auth vlan2 any anywhere anywhere 0 0 ACCEPT udp vlan2 any anywhere anywhere udp spt:500 dpt:500 0 0 ACCEPT udp vlan2 any anywhere anywhere udp spt:4500 dpt:4500 108 15163 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED 103 9176 ACCEPT all br0 any anywhere anywhere state NEW 0 0 ACCEPT all lo any anywhere anywhere state NEW 0 0 DROP all any any anywhere anywhere state INVALID 0 0 ACCEPT ipv6-nonxt any any anywhere anywhere length 40 168 16288 ACCEPT all br0 any anywhere anywhere 0 0 ACCEPT all lo any anywhere anywhere 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp destination-unreachable 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp packet-too-big 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp time-exceeded 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp parameter-problem 1 104 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-reply 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 130 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 131 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 132 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-solicitation 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-advertisement 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-solicitation 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-advertisement 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 141 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 142 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 143 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 148 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 149 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 151 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 152 0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 153 5 400 DROP all any any anywhere anywhere
No comments:
Post a Comment