diff options
| author | Roberto Bertó <roberto.berto@gmail.com> | 2024-03-10 12:42:31 -0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-10 12:42:31 -0300 |
| commit | 95878ef8c96e276a8bc09b0326878a654ce2ee58 (patch) | |
| tree | ae6fe96cedca2ab2a48f4387cc3aaecc71cb0285 /docs/configexamples/pppoe-ipv6-basic.rst | |
| parent | 0993a91255cad0dd893b7a60e05fd2120a343407 (diff) | |
| parent | 8d410c0843f7d8b88a5a20ccb778ae149c6fc098 (diff) | |
| download | vyos-documentation-95878ef8c96e276a8bc09b0326878a654ce2ee58.tar.gz vyos-documentation-95878ef8c96e276a8bc09b0326878a654ce2ee58.zip | |
Merge pull request #2 from vyos/master
import 2024-03
Diffstat (limited to 'docs/configexamples/pppoe-ipv6-basic.rst')
| -rw-r--r-- | docs/configexamples/pppoe-ipv6-basic.rst | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/docs/configexamples/pppoe-ipv6-basic.rst b/docs/configexamples/pppoe-ipv6-basic.rst index f569d9c3..ad588def 100644 --- a/docs/configexamples/pppoe-ipv6-basic.rst +++ b/docs/configexamples/pppoe-ipv6-basic.rst @@ -89,24 +89,28 @@ To have basic protection while keeping IPv6 network functional, we need to: .. code-block:: none - set firewall ipv6-name WAN_IN default-action 'drop' - set firewall ipv6-name WAN_IN rule 10 action 'accept' - set firewall ipv6-name WAN_IN rule 10 state established 'enable' - set firewall ipv6-name WAN_IN rule 10 state related 'enable' - set firewall ipv6-name WAN_IN rule 20 action 'accept' - set firewall ipv6-name WAN_IN rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL default-action 'drop' - set firewall ipv6-name WAN_LOCAL rule 10 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 10 state established 'enable' - set firewall ipv6-name WAN_LOCAL rule 10 state related 'enable' - set firewall ipv6-name WAN_LOCAL rule 20 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 20 protocol 'icmpv6' - set firewall ipv6-name WAN_LOCAL rule 30 action 'accept' - set firewall ipv6-name WAN_LOCAL rule 30 destination port '546' - set firewall ipv6-name WAN_LOCAL rule 30 protocol 'udp' - set firewall ipv6-name WAN_LOCAL rule 30 source port '547' - set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN' - set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL' + set firewall ipv6 name WAN_IN default-action 'drop' + set firewall ipv6 name WAN_IN rule 10 action 'accept' + set firewall ipv6 name WAN_IN rule 10 state established 'enable' + set firewall ipv6 name WAN_IN rule 10 state related 'enable' + set firewall ipv6 name WAN_IN rule 20 action 'accept' + set firewall ipv6 name WAN_IN rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL default-action 'drop' + set firewall ipv6 name WAN_LOCAL rule 10 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 10 state established 'enable' + set firewall ipv6 name WAN_LOCAL rule 10 state related 'enable' + set firewall ipv6 name WAN_LOCAL rule 20 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 20 protocol 'icmpv6' + set firewall ipv6 name WAN_LOCAL rule 30 action 'accept' + set firewall ipv6 name WAN_LOCAL rule 30 destination port '546' + set firewall ipv6 name WAN_LOCAL rule 30 protocol 'udp' + set firewall ipv6 name WAN_LOCAL rule 30 source port '547' + set firewall ipv6 forward filter rule 10 action jump + set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN' + set firewall ipv6 forward filter rule 10 inbound-interface name 'pppoe0' + set firewall ipv6 input filter rule 10 action jump + set firewall ipv6 input filter rule 10 jump-target 'WAN_LOCAL' + set firewall ipv6 input filter rule 10 inbound-interface name 'pppoe0' Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client). |