* How can I drop IPv6 auto configuration traffic when bridging two interfaces?
@ 2017-02-27 16:51 Håvard Rabbe
0 siblings, 0 replies; only message in thread
From: Håvard Rabbe @ 2017-02-27 16:51 UTC (permalink / raw)
To: netfilter
Hi
Im using tinc vpn to bridge networks together. And im using ebtables to block dhcp traffic for ipv4 on each node in tinc. One of my nodes have recently began using ipv6. The isp is using auto configuration to give out ipv6 addresses. The problem is that every computer in my bridged network is getting ipv6 addresses from that node.
The other computers behind the other nodes have no use for ipv6 addresses it gets through the tinc tunnel.
Is there a way to block ipv6 auto configuration traffic entering the tinc tunnel on each node?
This is the bridging:
root@JOTVPN:~# brctl show
bridge name bridge id STP enabled interfaces
bridge 8000.000c29638a7e no eth0
vpn
This is what I have tried so far:
ip6tables -A FORWARD -o bridge -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP
ip6tables -A FORWARD -i bridge -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP
root@JOTVPN:~# ip6tables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -o bridge -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j DROP
-A FORWARD -i bridge -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j DROP
But its not working
Do someone know how to fix this?
Best Regards,
HÃ¥vard Rabbe
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-02-27 16:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-27 16:51 How can I drop IPv6 auto configuration traffic when bridging two interfaces? Håvard Rabbe
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.