23.1 Legacy Series / Automatically generated ICMP rules for IPV6 not passing traffic
« on: April 19, 2023, 01:04:11 am »
The automatically generated ICMP rules for IPV6 include this rule:
IPv6 IPV6-ICMP fe80::/10 * fe80::/10,ff02::/16 * * * * IPv6 RFC4890 requirements (ICMP)
as well as this rule further down the list:
IPv6 * <bogonsv6> * * * * * Block bogon IPv6 networks from WAN
However, in my logs I see:
Apr 18 19:01:58 router.home.arpa filterlog[31353]: 71,,,f140a48ddade668b9d6f5259669a1d5c,igb0,match,block,in,6,0xe0,0x00000,1,icmp,1,32,fe80::10,ff02::1:ff00:1,truncated-ip6=32
The traffic is being blocked by the "Block bogon IPV6 networks from WAN" rule, but as far as I can tell from the source `fe80::10` and destination `ff02::1:ff00:1` this traffic should be passed by the "IPv6 RFC4890 requirements (ICMP)" rule. Why isn't it?
I have reset the state table to no effect.
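An added example, not part of the original post: it parses the quoted filterlog line and checks each criterion of the "IPv6 RFC4890 requirements (ICMP)" rule separately, showing that both addresses fall inside the rule's networks while the logged protocol is `icmp` (number 1) rather than IPV6-ICMP (number 58). The field order is the IPv6 filterlog layout documented for pf-based firewalls and is assumed to apply to this host; the function names are hypothetical.

```python
import ipaddress

# Field order of an IPv6 filterlog entry (assumed layout, see lead-in).
COMMON = ["rulenr", "subrulenr", "anchor", "rid", "interface",
          "reason", "action", "dir", "ipversion"]
IPV6 = ["class", "flowlabel", "hoplimit", "protoname", "protonum",
        "length", "src", "dst"]

# Log line copied from the post, syslog prefix stripped.
LOG = ("71,,,f140a48ddade668b9d6f5259669a1d5c,igb0,match,block,in,6,0xe0,"
       "0x00000,1,icmp,1,32,fe80::10,ff02::1:ff00:1,truncated-ip6=32")

# The pass rule from the post, expressed as data.
RFC4890_RULE = {
    "ipversion": "6",
    "protonum": 58,  # IPV6-ICMP is IP protocol number 58
    "src": ["fe80::/10"],
    "dst": ["fe80::/10", "ff02::/16"],
}

def parse_filterlog(csv_line):
    """Split one filterlog CSV record into named fields (IPv6 only)."""
    fields = csv_line.split(",")
    if len(fields) < len(COMMON) + len(IPV6):
        raise ValueError("too few fields for an IPv6 filterlog entry")
    entry = dict(zip(COMMON, fields))
    if entry["ipversion"] != "6":
        raise ValueError("only the IPv6 layout is handled here")
    # Trailing protocol-specific fields (e.g. truncated-ip6=32) are ignored.
    entry.update(zip(IPV6, fields[len(COMMON):]))
    entry["protonum"] = int(entry["protonum"])
    return entry

def in_any(addr, nets):
    """True if addr lies inside at least one of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def rule_check(entry, rule):
    """Evaluate every criterion of the rule on its own."""
    return {
        "ipversion": entry["ipversion"] == rule["ipversion"],
        "protocol": entry["protonum"] == rule["protonum"],
        "src": in_any(entry["src"], rule["src"]),
        "dst": in_any(entry["dst"], rule["dst"]),
    }

if __name__ == "__main__":
    for name, ok in rule_check(parse_filterlog(LOG), RFC4890_RULE).items():
        print(f"{name:10} {'match' if ok else 'NO MATCH'}")
```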

