{"id":2165,"date":"2018-03-23T20:48:43","date_gmt":"2018-03-23T20:48:43","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=2165"},"modified":"2018-03-23T20:49:22","modified_gmt":"2018-03-23T20:49:22","slug":"ipv6-firewall-rules-for-mikrotik","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/ipv6-firewall-rules-for-mikrotik\/","title":{"rendered":"IPV6 Firewall rules for Mikrotik"},"content":{"rendered":"<p>Some basic IPV6 Firewall Rules for Mikrotik. Replace in-interface=&#8221;&#8221; with your appropriate interface.<\/p>\n<pre><code class=\"prettyprint prettyprinted\"><span class=\"pun\">\/<\/span><span class=\"pln\">ipv6 firewall filter\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">input protocol<\/span><span class=\"pun\">=<\/span><span class=\"pln\">icmpv6\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">input connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"pln\">established<\/span><span class=\"pun\">,<\/span><span class=\"pln\">related\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">input dst<\/span><span class=\"pun\">-<\/span><span class=\"pln\">port<\/span><span class=\"pun\">=<\/span><span class=\"lit\">546<\/span> <span class=\"kwd\">in<\/span><span class=\"pun\">-<\/span><span class=\"kwd\">interface<\/span><span class=\"pun\">=<\/span><span class=\"pln\">ether1<\/span><span class=\"pun\">-<\/span><span class=\"pln\">wan protocol<\/span><span class=\"pun\">=<\/span><span class=\"pln\">udp src<\/span><span class=\"pun\">-<\/span><span class=\"pln\">port<\/span><span class=\"pun\">=<\/span><span class=\"lit\">547<\/span>\r\n<span class=\"kwd\">add<\/span><span class=\"pln\"> action<\/span><span class=\"pun\">=<\/span><span 
class=\"pln\">drop chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">input connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"pln\">invalid\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> action<\/span><span class=\"pun\">=<\/span><span class=\"pln\">drop chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">input connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"kwd\">new<\/span> <span class=\"kwd\">in<\/span><span class=\"pun\">-<\/span><span class=\"kwd\">interface<\/span><span class=\"pun\">=<\/span><span class=\"pln\">ether1<\/span><span class=\"pun\">-<\/span><span class=\"pln\">wan\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">forward protocol<\/span><span class=\"pun\">=<\/span><span class=\"pln\">icmpv6\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">forward connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"pln\">established<\/span><span class=\"pun\">,<\/span><span class=\"pln\">related\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">forward connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"kwd\">new<\/span> <span class=\"kwd\">in<\/span><span class=\"pun\">-<\/span><span class=\"kwd\">interface<\/span><span class=\"pun\">=!<\/span><span class=\"pln\">ether1<\/span><span class=\"pun\">-<\/span><span class=\"pln\">wan\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> action<\/span><span class=\"pun\">=<\/span><span class=\"pln\">drop chain<\/span><span class=\"pun\">=<\/span><span 
class=\"pln\">forward connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"pln\">invalid\r\n<\/span><span class=\"kwd\">add<\/span><span class=\"pln\"> action<\/span><span class=\"pun\">=<\/span><span class=\"pln\">drop chain<\/span><span class=\"pun\">=<\/span><span class=\"pln\">forward connection<\/span><span class=\"pun\">-<\/span><span class=\"pln\">state<\/span><span class=\"pun\">=<\/span><span class=\"kwd\">new<\/span> <span class=\"kwd\">in<\/span><span class=\"pun\">-<\/span><span class=\"kwd\">interface<\/span><span class=\"pun\">=<\/span><span class=\"pln\">ether1<\/span><span class=\"pun\">-<\/span><span class=\"pln\">wan<\/span><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Some basic IPV6 Firewall Rules for Mikrotik. Replace in-interface=&#8221;&#8221; with your appropriate interface. \/ipv6 firewall filter add chain=input protocol=icmpv6 add chain=input connection-state=established,related add chain=input dst-port=546 in-interface=ether1-wan protocol=udp src-port=547 add action=drop chain=input connection-state=invalid add action=drop chain=input connection-state=new in-interface=ether1-wan add chain=forward protocol=icmpv6 add chain=forward connection-state=established,related add chain=forward connection-state=new in-interface=!ether1-wan add action=drop chain=forward connection-state=invalid add action=drop chain=forward connection-state=new 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2163,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[24],"tags":[457,42,25],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/03\/download.jpg?fit=309%2C163","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-yV","jetpack-related-posts":[{"id":2755,"url":"http:\/\/www.mtin.net\/blog\/basic-ipv6-mikrotik-firewall\/","url_meta":{"origin":2165,"position":0},"title":"Basic IPV6 Mikrotik Firewall","author":"j2sw","date":"January 24, 2019","format":false,"excerpt":"Below is a basic IPV6 firewall filter for your Mikrotik CPE devices.\u00a0 This is a good start for customer-facing CPE. 
\u00a0 \/ipv6 firewall filter add chain=forward comment=\"allow forwarding established, related\" connection-state=established,related add chain=forward comment=\"allow forward lan->wan\" in-interface=lan out-interface=wan add chain=forward comment=\"allow ICMPv6 forwarding\" in-interface=wan protocol=icmpv6 add action=reject chain=forward comment=\"reject\u2026","rel":"","context":"In &quot;IPV6&quot;","block_context":{"text":"IPV6","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/ipv6\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":297,"url":"http:\/\/www.mtin.net\/blog\/protecting-your-mikrotik-from-dns-amplification\/","url_meta":{"origin":2165,"position":1},"title":"Protecting your Mikrotik from DNS Amplification","author":"j2sw","date":"May 8, 2015","format":false,"excerpt":"There are several reasons and benefits to using your Mikrotik as a DNS caching server. \u00a0Queries to the client are just a tad faster, which makes the overall user experience seem snappier. \u00a0It also allows you to quickly change upstream DNS servers in the event of an outage, attack, etc.\u2026","rel":"","context":"In \"amplification\"","block_context":{"text":"amplification","link":"http:\/\/www.mtin.net\/blog\/tag\/amplification\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3356,"url":"http:\/\/www.mtin.net\/blog\/vultr-mikrotik-and-ipv6\/","url_meta":{"origin":2165,"position":2},"title":"Vultr, Mikrotik and IPV6","author":"j2sw","date":"April 14, 2019","format":false,"excerpt":"Over at my j2sw Blog I posted an article on setting up a Mikrotik CHR under a Vultr Instance. Check it out. 
http:\/\/blog.j2sw.com\/2019\/04\/14\/mikrotik-router-as-a-vultr-host\/","rel":"","context":"In &quot;IPV6&quot;","block_context":{"text":"IPV6","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/ipv6\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1951,"url":"http:\/\/www.mtin.net\/blog\/interesting-mikrotik-gui-behavior\/","url_meta":{"origin":2165,"position":3},"title":"Interesting Mikrotik GUI behavior","author":"j2sw","date":"December 28, 2017","format":false,"excerpt":"While bringing up a BGP session for a client I kept trying to add our side of a \/126.\u00a0 It kept reverting to the network address.\u00a0 The video shows what happens when I tried to add ::12\/126 to the IPV6 addresses. After some second-guessing and then some Facebook chatting I\u2026","rel":"","context":"In \"bug\"","block_context":{"text":"bug","link":"http:\/\/www.mtin.net\/blog\/tag\/bug\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/12\/Screen-Shot-2017-12-27-at-11.09.42-PM-3.png?fit=550%2C388&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1333,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-routeros-3-36\/","url_meta":{"origin":2165,"position":4},"title":"Mikrotik RouterOS 3.36","author":"j2sw","date":"July 22, 2016","format":false,"excerpt":"Lots of things fixed in this release. What's new in 6.36 (2016-Jul-20 14:09): *) arm - added Dude server support; *) dude - (changes discussed here: http:\/\/forum.mikrotik.com\/viewtopic.php?f=8&t=110428); *) dude - server package is now made smaller. 
client side content upgrade is now removed from it and is downloaded straight from\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1353,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-router-os-6-36-2\/","url_meta":{"origin":2165,"position":5},"title":"Mikrotik Router OS 6.36.2","author":"j2sw","date":"August 26, 2016","format":false,"excerpt":"To upgrade, click \"Check for updates\" at \/system package in your RouterOS configuration interface, or head to our download page: http:\/\/www.mikrotik.com\/download v6.36.2 forum topic discussion, http:\/\/forum.mikrotik.com\/viewtopic.php?f=21&t=111450 What's new in 6.36.2 (2016-Aug-22 12:54): *) arm - show cpu frequency under resources menu; *) capsman - fixed upgrade policy; *) ccr\/crs -\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2165"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=2165"}],"version-history":[{"count":2,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2165\/revisions"}],"predecessor-version":[{"id":2167,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2165\/revisions\/2167"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media\/2163"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-js
on\/wp\/v2\/media?parent=2165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=2165"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=2165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}