IPv6 LAN NET

bcjenkins · October 02, 2015, 06:57:22 PM

How is a LAN NET defined for an IPv6 network when the network is DHCPv6?

I am seeing blocks in my firewall for traffic originating on the LAN side to do things like DNS lookups or HTTPS traffic.

QuoteThe rule that triggered this action is:

@5 block drop in log inet6 all label "Default deny rule IPv6"

OPNsense 15.7.15-amd64
FreeBSD 10.1-RELEASE-p19
LibreSSL 2.2.3

slackadelic · October 03, 2015, 07:03:33 AM

I did not have to enable DHCPv6 as SLAAC kicked in and is issuing everything just fine.

bcjenkins · October 05, 2015, 03:17:52 PM

I changed the firewall from LAN NET to any and it allowed traffic to flow. Does this create an exposure?

franco · October 11, 2015, 01:51:05 PM

Brandon, do you have specific info about the traffic being blocked (src/dst IP and port), it might simply be missing from the (internal) rules template.

IPv6 LAN NET

bcjenkins

October 02, 2015, 06:57:22 PM

slackadelic

October 03, 2015, 07:03:33 AM #1

bcjenkins

October 05, 2015, 03:17:52 PM #2

franco

October 11, 2015, 01:51:05 PM #3