ErzCrz

Level 2
Just a quick question regarding IPv6 filtering. My ISP (Sky) utilizes both IPv4 and IPv6. The router has a built-in IPv6 and IPv4 firewall. With CIS should I be filtering IPv6 traffic?

I know I'd require the ICMP (Packet too big, time exceeded and type 134,135 & 136 for neighbour and router solicitation essentials) but is there any point in me filtering the IPv6 traffic with any of the configurations? I'm currently playing around with CS or default Proacive config and with it enabled, I seem to only be blocking LAN Ipv6 to 546 and another laptop on the machine's Apple Bojour service to port 5353 and occasional upnp to port 3702. The router assigns me a public IPv4 and IPv6 ip address and this laptop is only ever on the home network.

Any suggestions greatly appreciated.

Cheers,

Erz
 
  • Like
Reactions: Gandalf_The_Grey

ErzCrz

Level 2
I think I've ended up answering my own question. I think it's still important to filter the IPv6.

So I changed my config to Cruelsister settings, did the stealth firewall block incoming which kept my home network as trusted and then added the ICMP rules and set the block IP rule to log so I can check what's being blocked from time to time.

Adding an additional rule for the LAN DHCP to 546 which comes from port 56090 in the log doesn't seem to allow it in when I put in the mac address for both but it doesn't seem to affect my internet at all and I still can use full IPv6 on test sites. /shrug

Anyway, onto some research on browsers...

Cheers,

Erz