Below is a basic IPV6 firewall fillter for your Mikrotik CPE devices. This is a good start for customer-facing CPE.
/ipv6 firewall filter add chain=forward comment="allow forwarding established, related" connection state=established,related add chain=forward comment="allow forward lan->wan" in-interface=lan out-interface=wan add chain=forward comment="allow ICMPv6 forwarding" in-interface=wan protocol=icmpv6 add action=reject chain=forward comment="reject every other forwarding request" reject-with=icmp-port-unreachable add chain=input comment="accept established, related" connection-state=established,related add chain=input comment="allow ICMPv6" in-interface=wan protocol=icmpv6 add chain=input comment="allow DHCPv6 renew" dst-address=fc00::/6 dst-port=546 in-interface=wan protocol=udp src-address=fc00::/6 add chain=input comment="allow lan" in-interface=lan add action=reject chain=input comment="reject everything else" reject-with=icmp-port-unreachable
One reply on “Basic IPV6 Mikrotik Firewall”
[…] Basic IPV6 Mikrotik Firewall […]