Categories
IPV6 Mikrotik Networking

Basic IPV6 Mikrotik Firewall

Below is a basic IPV6 firewall fillter for your Mikrotik CPE devices.  This is a good start for customer-facing CPE.

 


/ipv6 firewall filter

add chain=forward comment="allow forwarding established, related" connection state=established,related
add chain=forward comment="allow forward lan->wan" in-interface=lan out-interface=wan
add chain=forward comment="allow ICMPv6 forwarding" in-interface=wan protocol=icmpv6
add action=reject chain=forward comment="reject every other forwarding request" reject-with=icmp-port-unreachable
add chain=input comment="accept established, related" connection-state=established,related
add chain=input comment="allow ICMPv6" in-interface=wan protocol=icmpv6
add chain=input comment="allow DHCPv6 renew" dst-address=fc00::/6 dst-port=546 in-interface=wan protocol=udp src-address=fc00::/6
add chain=input comment="allow lan" in-interface=lan
add action=reject chain=input comment="reject everything else" reject-with=icmp-port-unreachable

One reply on “Basic IPV6 Mikrotik Firewall”

Comments are closed.

%d bloggers like this: