What's new
By:

Default IPv6 firewall config?

M

mokodi

Occasional Visitor
What's the default firewall configuration for the Asus Merlin FW? For example, I know that it allows IPv6 ICMP traffic by default. Does it allow all kinds of ICMP traffic or only certain types?
 
mokodi said:
What's the default firewall configuration for the Asus Merlin FW? For example, I know that it allows IPv6 ICMP traffic by default. Does it allow all kinds of ICMP traffic or only certain types?
Click to expand...

By default it only allows ICMP traffic which should be allowed as per RFC 4890. See sections 4.3.1 and 4.4.1 of that RFC.
 
mokodi said:
Does that mean all ICMP traffic? Some routers like Vyos allow you to specify specific ICMP types to go through. See last post here.


https://community.ubnt.com/t5/EdgeMAX/ipv6-firewall-question/td-p/1142244
Click to expand...

No, only the ICMP protocols enumerated in the two RFC sections I mentioned are allowed by default, as this is mandatory for proper IPv6 operations. All other ICMP protocols are dropped, unless you create a firewall rule to allow them explicitly. Setting the type to "Other" allows you to enter the protocol number in the port field (same as the IPv4 firewall).
 
RMerlin said:
No, only the ICMP protocols enumerated in the two RFC sections I mentioned are allowed by default, as this is mandatory for proper IPv6 operations. All other ICMP protocols are dropped, unless you create a firewall rule to allow them explicitly. Setting the type to "Other" allows you to enter the protocol number in the port field (same as the IPv4 firewall).
Click to expand...

Thanks RMerlin. I'm glad you're reading the RFC and implementing accordingly. Some vendors like Netgear simply block all IPv6 ICMP without any way to change the settings citing "security issues".
 
mokodi said:
Thanks RMerlin. I'm glad you're reading the RFC and implementing accordingly. Some vendors like Netgear simply block all IPv6 ICMP without any way to change the settings citing "security issues".
Click to expand...

This was done by Asus, not by me. While I did develop the configurable firewall, the default rules were all implemented by Asus.
 
You must log in or register to reply here.

Similar threads

bengalih
PSA - RT-AC68U with CTF/NAT Acceleration may allow IPv6 UDP traffic through firewall
Replies
8
Views
2K
RMerlin
RMerlin
R
ipv6 / firewall on ax86u pro (on latest Merlin)
Replies
6
Views
1K
bennor
B
muffintastic
Solved Restore IPv6 Gateway Script Help.
Replies
2
Views
516
muffintastic
muffintastic
R
IPv6 on GNP using Passthrough
Replies
8
Views
1K
rung
R
G
NordVPN Wireguard Config Issues - AsusMerlin 3006.102.5
Replies
11
Views
3K
ganjah
G
Similar threads
Thread starter Title Forum Replies Date
D AICloud content streaming port (default: 8082) Asuswrt-Merlin 1
C Does minidlna get installed by default (asuswrt-merlin 3006.102.5) Asuswrt-Merlin 2
Zakalwe Why doesn't the OpenVPN client support adding a shadowsocks proxy to it by default? Asuswrt-Merlin 1
R Guest Network Pro in FW 3006 - different default DNS Server than in FW 3004? Asuswrt-Merlin 5
Z Change VPN Director to default enabled Asuswrt-Merlin 6
B IPv6 /56 block? Asuswrt-Merlin 12
L IPv6 addresses Asuswrt-Merlin 1
T Adventures in ipv6 subnetting in SDN Asuswrt-Merlin 22
muffintastic Solved Restore IPv6 Gateway Script Help. Asuswrt-Merlin 2
bengalih PSA - RT-AC68U with CTF/NAT Acceleration may allow IPv6 UDP traffic through firewall Asuswrt-Merlin 8

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 3,068 (members: 9, guests: 3,059)
Back
Top