Subj : I have native IPv6
To   : Michiel van der Vlist
From : Benny Pedersen
Date : Sat May 09 2015 17:47:10

Hello Michiel!

09 May 2015 09:31, Michiel van der Vlist wrote to Tommi Koivula:

 MvdV> 2) The firewall in the camping's router may block incoming ICMP.
 MvdV> IPv6 firewalls shouldn't, but who knows...
 MvdV> http://www.campingboszicht.nl/

here is my own shorewall6 on linode

----- ipv6.icmp begins -----
Shorewall6 4.6.6.2 filter Table at linode - lør maj 9 16:42:27 BST 2015

Counters reset tor maj 7 02:35:05 BST 2015

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 118K  164M net-fw all eth0 * ::/0 ::/0
 464K   97M ACCEPT all lo * ::/0 ::/0
    0     0 Reject all * * ::/0 ::/0
    0     0 LOG all * * ::/0 ::/0 LOG flags 0 level 6 prefix "Shorewall:INPUT:REJECT:"
    0     0 reject all * * ::/0 ::/0 [goto]

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 Reject all * * ::/0 ::/0
    0     0 LOG all * * ::/0 ::/0 LOG flags 0 level 6 prefix "Shorewall:FORWARD:REJECT:"
    0     0 reject all * * ::/0 ::/0 [goto]

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 102K   22M fw-net all * eth0 ::/0 ::/0
 464K   97M ACCEPT all * lo ::/0 ::/0
    0     0 Reject all * * ::/0 ::/0
    0     0 LOG all * * ::/0 ::/0 LOG flags 0 level 6 prefix "Shorewall:OUTPUT:REJECT:"
    0     0 reject all * * ::/0 ::/0 [goto]

Chain AllowICMPs (2 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
 7452  775K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
  641 46152 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
 1507  108K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */

Chain Broadcast (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all * * ::/0 ff00::/8

Chain Drop (1 references)
 pkts bytes target prot opt in out source destination
    0     0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
 9600  930K AllowICMPs icmpv6 * * ::/0 ::/0
   18  1256 Broadcast all * * ::/0 ::/0
    3   180 DROP all * * ::/0 ::/0 ctstate INVALID
    0     0 DROP udp * * ::/0 ::/0 multiport dports 135,445 /* SMB */
    1    98 DROP udp * * ::/0 ::/0 udp dpts:137:139 /* SMB */
    0     0 DROP udp * * ::/0 ::/0 udp spt:137 dpts:1024:65535 /* SMB */
    2   120 DROP tcp * * ::/0 ::/0 multiport dports 135,139,445 /* SMB */
    0     0 DROP tcp * * ::/0 ::/0 tcp flags:!0x17/0x02
    0     0 DROP udp * * ::/0 ::/0 udp spt:53 /* Late DNS Replies */

Chain Reject (3 references)
 pkts bytes target prot opt in out source destination
    0     0 reject tcp * * ::/0 ::/0 tcp dpt:113 /* Auth */
    0     0 AllowICMPs icmpv6 * * ::/0 ::/0
    0     0 Broadcast all * * ::/0 ::/0
    0     0 DROP all * * ::/0 ::/0 ctstate INVALID
    0     0 reject udp * * ::/0 ::/0 multiport dports 135,445 /* SMB */
    0     0 reject udp * * ::/0 ::/0 udp dpts:137:139 /* SMB */
    0     0 reject udp * * ::/0 ::/0 udp spt:137 dpts:1024:65535 /* SMB */
    0     0 reject tcp * * ::/0 ::/0 multiport dports 135,139,445 /* SMB */
    0     0 DROP tcp * * ::/0 ::/0 tcp flags:!0x17/0x02
    0     0 DROP udp * * ::/0 ::/0 udp spt:53 /* Late DNS Replies */

Chain dynamic (1 references)
 pkts bytes target prot opt in out source destination

Chain fw-net (1 references)
 pkts bytes target prot opt in out source destination
73083   19M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
29060 2661K ACCEPT all * * ::/0 ::/0

Chain logdrop (0 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all * * ::/0 ::/0

Chain logflags (5 references)
 pkts bytes target prot opt in out source destination
    0     0 LOG all * * ::/0 ::/0 LOG flags 4 level 6 prefix "Shorewall:logflags:DROP:"
    0     0 DROP all * * ::/0 ::/0

Chain logreject (0 references)
 pkts bytes target prot opt in out source destination
    0     0 reject all * * ::/0 ::/0

Chain net-fw (1 references)
 pkts bytes target prot opt in out source destination

[chain-stripped since you have no point of knowing more here]

Chain reject (10 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all * * ff00::/8 ::/0
    0     0 DROP 2 * * ::/0 ::/0
    0     0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
    0     0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
    0     0 REJECT icmpv6 * * ::/0 ::/0 reject-with icmp6-addr-unreachable
    0     0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited

Chain sha-lh-60157b00122c157066b3 (0 references)
 pkts bytes target prot opt in out source destination

Chain sha-rh-6032b1cfc6cf174aeaed (0 references)
 pkts bytes target prot opt in out source destination

Chain shorewall (0 references)
 pkts bytes target prot opt in out source destination
    0     0 all * * ::/0 ::/0 recent: SET name: %CURRENTTIME side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Chain tcpflags (1 references)
 pkts bytes target prot opt in out source destination
    0     0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x29
    0     0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x00
    0     0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x06/0x06
    0     0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x03/0x03
    0     0 logflags tcp * * ::/0 ::/0 [goto] tcp spt:0 flags:0x17/0x02
----- ipv6.icmp ends -----

I consider it ready for crashmail/crashtick :=)

Regards Benny

.... there can only be one way of life, and it works :)

--- Msged/LNX 6.2.0 (Linux/3.18.11-gentoo (i686))
 * Origin: duggi.junc.org where qico is waiting (1:261/38.20)
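
Added example, not part of the original message: a Python check that reads a listing in the layout posted above and reports which ICMPv6 types RFC 4890 section 4.4.1 marks as "must not be dropped" have no ACCEPT rule in a given chain, and which are accepted only from fe80::/10. The function names are hypothetical, the type set is taken from the RFC rather than from the message, and the sample rows are abridged from the AllowICMPs chain in the message.

```python
import re

# ICMPv6 types that RFC 4890 section 4.4.1 says must not be dropped when
# addressed to the firewall itself (stated from the RFC, not from the message).
MUST_NOT_DROP = {1, 2, 3, 4, 128, 129, 133, 134, 135, 136, 141, 142,
                 130, 131, 132, 143, 148, 149, 151, 152, 153}

# Sample abridged from the listing in the message; only a few rows are kept.
SAMPLE = """\
Chain AllowICMPs (2 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
 7452  775K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
    0     0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
Chain Broadcast (2 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all * * ::/0 ff00::/8
"""

# pkts, bytes, ACCEPT, icmpv6, in, out, source, destination, ipv6-icmptype N
# (the "opt" column is empty in this listing, so it does not appear in a row).
RULE = re.compile(r"^\s*(\S+)\s+\S+\s+ACCEPT\s+icmpv6\s+\S+\s+\S+\s+(\S+)\s+\S+"
                  r"\s+ipv6-icmptype\s+(\d+)")

def accepted_icmp_types(listing, chain):
    """Map ICMPv6 type -> (source, packet counter) for ACCEPT rules in `chain`."""
    found, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"^Chain (\S+) ", line)
        if header:
            current = header.group(1)
            continue
        m = RULE.match(line) if current == chain else None
        if m:
            found[int(m.group(3))] = (m.group(2), m.group(1))
    return found

def audit(listing, chain="AllowICMPs"):
    """Return (types with no ACCEPT rule in chain, types accepted from fe80::/10 only)."""
    found = accepted_icmp_types(listing, chain)
    missing = sorted(MUST_NOT_DROP - set(found))
    link_local_only = sorted(t for t, (src, _) in found.items() if src == "fe80::/10")
    return missing, link_local_only

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A type reported as missing only means this one chain has no rule for it; in the message the net-fw chain is elided, so whether echo request/reply (128/129) is accepted there cannot be read from the listing.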