burim:ipv6
rfc ipv6
https://datatracker.ietf.org/doc/rfc4890/
# Drop NS/NA messages both incoming and outgoing ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
ip6tables -D INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -D INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
# Allow NS/NA messages both incoming and outgoing ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
ip6tables -D INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -D INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
# Drop RS/RA messages both incoming and outgoing ip6tables -A INPUT -p icmpv6 --icmpv6-type router-solicitation -j DROP ip6tables -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j DROP
ip6tables -D INPUT -p icmpv6 --icmpv6-type router-solicitation -j DROP ip6tables -D INPUT -p icmpv6 --icmpv6-type router-advertisement -j DROP
# Allow RS/RA messages both incoming and outgoing ip6tables -A INPUT -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT ip6tables -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
ip6tables -D INPUT -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT ip6tables -D INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
# Drop Redirect messages both incoming and outgoing ip6tables -A INPUT -p icmpv6 --icmpv6-type redirect -j DROP
ip6tables -D INPUT -p icmpv6 --icmpv6-type redirect -j DROP
# Allow Redirect messages both incoming and outgoing ip6tables -A INPUT -p icmpv6 --icmpv6-type redirect -j Allow
ip6tables -D INPUT -p icmpv6 --icmpv6-type redirect -j Allow
# e.g. drop receiving NA ip6tables -I INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbor-advertisement -j DROP ip6tables -I INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbor-advertisement -j DROP
ip6tables -D INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbor-advertisement -j DROP ip6tables -D INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbor-advertisement -j DROP
#e.g. drop sending NS ip6tables -I OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbor-solicitation -j DROP ip6tables -D OUTPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbor-solicitation -j DROP
ipv6 multicast MAC address
IPv6 multicast (RFC 2464): The low 32 bits an Ethernet address for IPv6 multicast traffic are the low 32 bits of the multicast IPv6 address used. For example, IPv6 multicast traffic using the address ff02::d uses the MAC address 33-33-00-00-00-0D, and traffic to ff05::1:3 goes to the MAC address 33-33-00-01-00-03.
burim/ipv6.txt · Last modified: 2021/10/04 17:34 by burim