<html><body><div>Hi</div><div>Thank you for looking into this. I haven't tried it before now. I can't get it to work.</div><div><br data-mce-bogus="1"></div><div>After running the commands you suggest, I get this when I run ip6tables --list-rules:</div><div><br data-mce-bogus="1"></div><div><p class="p1"><span class="s1">root@JOTVPN:~# ip6tables --list-rules</span></p><p class="p1"><span class="s1">-P INPUT ACCEPT</span></p><p class="p1"><span class="s1">-P FORWARD ACCEPT</span></p><p class="p1"><span class="s1">-P OUTPUT ACCEPT</span></p><p class="p1"><span class="s1">-A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP</span></p><p class="p1"><span class="s1">-A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP</span></p><p class="p1"><span class="s1"><br data-mce-bogus="1"></span></p><p class="p1"><span class="s1"><br data-mce-bogus="1"></span></p><p class="p1"><span class="s1">Do you have any other ideas?</span></p><p class="p1"><span class="s1">Thanks for your help!</span></p><p class="p1"><span class="s1"><br data-mce-bogus="1"></span></p><p class="p1"><span class="s1">Best Regards,</span></p><p class="p1"><span class="s1"><br data-mce-bogus="1"></span></p><p class="p1"><span class="s1">Håvard Rabbe</span></p></div><div>On Aug 30, 2016, at 04:39 PM, Guus Sliepen &lt;guus@tinc-vpn.org&gt; wrote:<br><br></div><div><blockquote type="cite"><div class="msg-quote"><div class="_stretch"><span class="body-text-content">On Sat, Aug 27, 2016 at 11:41:12PM +0000, Håvard Rabbe wrote:<br><br><blockquote type="cite" class="quoted-plain-text">I'm using tinc to bridge networks together. And I'm using ebtables to block DHCP traffic for IPv4 on each node in tinc. One of my nodes has recently begun using IPv6. 
The ISP is using auto configuration to give out IPv6 addresses. The problem is that every computer in my bridged network is getting IPv6 addresses from that node.</blockquote><blockquote type="cite" class="quoted-plain-text">The other computers behind the other nodes have no use for the IPv6 addresses they get through the tinc tunnel.</blockquote><blockquote type="cite" class="quoted-plain-text"><br></blockquote><blockquote type="cite" class="quoted-plain-text">Is there a way to block IPv6 auto configuration traffic entering the tinc tunnel on each node?</blockquote><br>You should be able to block those packets in the FORWARD chain. IPv6<br>autoconfiguration is done using ICMPv6 packets with types 133 and 134,<br>see: <a href="https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol" data-mce-href="https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol">https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol</a>. So do<br>something like:<br><br>ip6tables -A FORWARD -i &lt;vpn interface&gt; -p icmpv6 --icmpv6-type 133 -j DROP<br>ip6tables -A FORWARD -o &lt;vpn interface&gt; -p icmpv6 --icmpv6-type 134 -j DROP<br><br>-- <br>Met vriendelijke groet / with kind regards,<br> Guus Sliepen &lt;guus@tinc-vpn.org&gt;<br></span></div><div class="_stretch"><span class="body-text-content">_______________________________________________<br>tinc mailing list<br><a href="mailto:tinc@tinc-vpn.org" data-mce-href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br><a href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" data-mce-href="https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc">https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br></span></div></div></blockquote></div></body></html>