On 2023-04-21 09:33, Per Jessen wrote:
Carlos E. R. wrote:
I discovered that my ISP provided "router" does not do any firewalling on IPv6. All my IPv6 capable machines are fully visible from internet.
My Linux machines have a firewall. On some of them, I opened ports to be used in the intranet. It was obvious, an address such as 192.1.1.50 was in my intranet.
Now, how the $%&# can the firewall that an incoming IPv6 address is actually in my intranet, or is external?
It doesn't matter, all of the addresses in your allocated prefix are yours.
Yes, but can SuSEfirewall2 or firewalld learn that prefix and act, automatically? Is it possible?
Consider that my ISP provided prefix is not fixed, but is dynamic. I can not write the address in any script, because it changes when the router reboots.
Ideas?
Why not just set up the ipv6 firewall in your router?
It is set. Doesn't work. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)