Look in the WISPA Wiki for a place to start.
Hang out on, and check the archive of, the WISPA IPv6 maillist.

On 1/30/2013 4:42 PM, Rory McCann wrote:
Hey guys,

So I decided to set myself up with a couple of free tunnels from HE so I could play around with IPv6. I've got everything up and working correctly, but one thing I'm nervous about is that with my computers now publicly accessible via IPv6, what is the best way to protect/firewall traffic at the router? Using MT 5.22 on an x86 box, here's some of the rules I have in place:

/ipv6 firewall filter
add action=reject chain=input comment="Winbox Filtering" disabled=no dst-port=8291 protocol=tcp reject-with=tcp-reset src-address-list=!IPv6-Space
add action=reject chain=input comment="SSH Filtering" disabled=no dst-port=22 protocol=tcp reject-with=tcp-reset src-address-list=!IPv6-Space
add action=drop chain=forward comment="Block all unidentified/non-established traffic" connection-state=new disabled=no dst-address-list=IPv6-Space src-address-list=!IPv6-Space

The Winbox and SSH rules drop SSH traffic not coming from my prefix ("IPv6-Space" address list). I also have a rule that matches connection-state to new and drops the traffic if it's destined to my prefix and coming from outside my prefix using that same address list. That stopped the ability to access my servers/computers from the public net, so that seems to be what I was looking for, however I'm wondering if there are some other rules I should put in place or adjust to further protect my devices?

How are you guys handling this? My network is a corporate network so I'm not serving any customers, just playing around.

Thanks!


--
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration

Mikrotik Advanced Certified
www.nwwnet.net
(765) 855-1060
(765) 439-4253
(855) 231-6239


_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
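
The three rules quoted in the message above, modelled as a first-match evaluator. This is an added example, not part of the original thread or either poster's configuration. The 2001:db8::/32 addresses and sample packets are constructed, the /48 stands in for the "IPv6-Space" address list, and the model assumes a chain accepts any packet that no rule matches.

```python
import ipaddress

# Constructed stand-in for the "IPv6-Space" address list (documentation prefix).
IPV6_SPACE = ipaddress.ip_network("2001:db8:100::/48")
OUTSIDE, HOST, ROUTER = "2001:db8:ffff::10", "2001:db8:100::20", "2001:db8:100::1"

def in_space(addr):
    return ipaddress.ip_address(addr) in IPV6_SPACE

def tcp_from_outside(port):
    """Matcher for: protocol=tcp dst-port=<port> src-address-list=!IPv6-Space."""
    return lambda p: p["proto"] == "tcp" and p["dport"] == port and not in_space(p["src"])

def new_from_outside(p):
    """Matcher for: connection-state=new, dst in IPv6-Space, src not in it."""
    return p["state"] == "new" and in_space(p["dst"]) and not in_space(p["src"])

# The three posted rules, in their posted order: (chain, matcher, action).
RULES = [
    ("input", tcp_from_outside(8291), "reject"),
    ("input", tcp_from_outside(22), "reject"),
    ("forward", new_from_outside, "drop"),
]

def evaluate(chain, pkt):
    """First matching rule in the chain decides; no match means accept."""
    for rule_chain, matches, action in RULES:
        if rule_chain == chain and matches(pkt):
            return action
    return "accept"

def pkt(src, dst, dport, state="new", proto="tcp"):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "state": state}

# Constructed sample packets: (chain, packet).
SAMPLES = {
    "outside to router, Winbox": ("input", pkt(OUTSIDE, ROUTER, 8291)),
    "inside to router, SSH": ("input", pkt(HOST, ROUTER, 22)),
    "outside to host, new": ("forward", pkt(OUTSIDE, HOST, 443)),
    "outside to host, reply": ("forward", pkt(OUTSIDE, HOST, 50000, "established")),
    "outside to router, other port": ("input", pkt(OUTSIDE, ROUTER, 8080)),
}

def verdicts():
    return {name: evaluate(chain, p) for name, (chain, p) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:7} {name}")
```

The last sample is accepted because the posted input rules match only TCP ports 8291 and 22, so a review of this ruleset would look at what else the router itself listens on.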
