Is it possible to block ipv6 auto configuration entering the tinc tunnel?
Guus Sliepen
guus at tinc-vpn.org
Thu Feb 23 10:48:13 CET 2017
On Wed, Feb 22, 2017 at 08:51:49PM +0000, HÃ¥vard Rabbe wrote:
> thank you for looking in to this. I haven't tried it before now. I cant get it to work.
>
> after running the commands you suggest I get this when I run ip6tables --list-rules
>
> root at JOTVPN:~# ip6tables --list-rules
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP
> -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP
>
> Do you have any other ideas?
It could be I have the direction of the ICMP messages wrong. Try adding:
ip6tables -A FORWARD -o vpn -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP
ip6tables -A FORWARD -i vpn -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170223/07ce17c2/attachment.sig>
More information about the tinc
mailing list