1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

IPV6 control

Discussion in 'Asuswrt-Merlin' started by SomeWhereOverTheRainBow, Dec 12, 2019.

  1. SomeWhereOverTheRainBow

    SomeWhereOverTheRainBow Senior Member

    Joined:
    Jun 4, 2019
    Messages:
    485
    are there any firewall rules i can use to block the flow of ipv6 to certain devices?
    note this is only to block it on certain devices.
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,234
    Location:
    UK
    Unsolicited incoming traffic is blocked by default. Exceptions can be made under the Firewall tab.

    If you want to block traffic that is a response to an outgoing request (a bit like Network Services Filter) then I'd guess you'd have to write some ip6tables rules.
     
  3. SomeWhereOverTheRainBow

    SomeWhereOverTheRainBow Senior Member

    Joined:
    Jun 4, 2019
    Messages:
    485
    thanks for your response Colin, I am not too familiar with ip6table rules or using mangled options (which i think will work for this type of issue), not like i am with ipv4. I have a specific device on my network I do not want connecting to ipv6 as it seems it is not fully compatible and is causing issues with its functionality. all my other devices run fine on the setup though. I don't know what type of IP6table rule i would need but i do know it would involve using the mac address of the device. Do you know of any sources i could reference maybe? Google has me stumped.
     
    Last edited: Dec 13, 2019
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,234
    Location:
    UK
    My knowledge of ip6tables and IPv6 in general is almost nonexistent. My best best guess by looking at John's implementation of DNS Filter for IPv6 would be this:
    Code:
    ip6tables -t mangle -A PREROUTING -m mac --mac-source 00:A0:96:CA:F0:F6 -j DROP
    But I don't have IPv6 so have no way of testing that.