Merge pull request #1217 from sarthurdev/master
Fix firewall syntax for refactor in PPPoE IPv6 example
rebortg authored Jan 3, 2024
2 parents 9ed7dc9 + d74d2f6 commit 0cb7b82
Showing 1 changed file with 22 additions and 18 deletions.
40 changes: 22 additions & 18 deletions docs/configexamples/pppoe-ipv6-basic.rst
Expand Up @@ -89,24 +89,28 @@ To have basic protection while keeping IPv6 network functional, we need to:

.. code-block:: none
set firewall ipv6-name WAN_IN default-action 'drop'
set firewall ipv6-name WAN_IN rule 10 action 'accept'
set firewall ipv6-name WAN_IN rule 10 state established 'enable'
set firewall ipv6-name WAN_IN rule 10 state related 'enable'
set firewall ipv6-name WAN_IN rule 20 action 'accept'
set firewall ipv6-name WAN_IN rule 20 protocol 'icmpv6'
set firewall ipv6-name WAN_LOCAL default-action 'drop'
set firewall ipv6-name WAN_LOCAL rule 10 action 'accept'
set firewall ipv6-name WAN_LOCAL rule 10 state established 'enable'
set firewall ipv6-name WAN_LOCAL rule 10 state related 'enable'
set firewall ipv6-name WAN_LOCAL rule 20 action 'accept'
set firewall ipv6-name WAN_LOCAL rule 20 protocol 'icmpv6'
set firewall ipv6-name WAN_LOCAL rule 30 action 'accept'
set firewall ipv6-name WAN_LOCAL rule 30 destination port '546'
set firewall ipv6-name WAN_LOCAL rule 30 protocol 'udp'
set firewall ipv6-name WAN_LOCAL rule 30 source port '547'
set interfaces pppoe pppoe0 firewall in ipv6-name 'WAN_IN'
set interfaces pppoe pppoe0 firewall local ipv6-name 'WAN_LOCAL'
set firewall ipv6 name WAN_IN default-action 'drop'
set firewall ipv6 name WAN_IN rule 10 action 'accept'
set firewall ipv6 name WAN_IN rule 10 state established 'enable'
set firewall ipv6 name WAN_IN rule 10 state related 'enable'
set firewall ipv6 name WAN_IN rule 20 action 'accept'
set firewall ipv6 name WAN_IN rule 20 protocol 'icmpv6'
set firewall ipv6 name WAN_LOCAL default-action 'drop'
set firewall ipv6 name WAN_LOCAL rule 10 action 'accept'
set firewall ipv6 name WAN_LOCAL rule 10 state established 'enable'
set firewall ipv6 name WAN_LOCAL rule 10 state related 'enable'
set firewall ipv6 name WAN_LOCAL rule 20 action 'accept'
set firewall ipv6 name WAN_LOCAL rule 20 protocol 'icmpv6'
set firewall ipv6 name WAN_LOCAL rule 30 action 'accept'
set firewall ipv6 name WAN_LOCAL rule 30 destination port '546'
set firewall ipv6 name WAN_LOCAL rule 30 protocol 'udp'
set firewall ipv6 name WAN_LOCAL rule 30 source port '547'
set firewall ipv6 forward filter rule 10 action jump
set firewall ipv6 forward filter rule 10 jump-target 'WAN_IN'
set firewall ipv6 forward filter rule 10 inbound-interface name 'pppoe0'
set firewall ipv6 input filter rule 10 action jump
set firewall ipv6 input filter rule 10 jump-target 'WAN_LOCAL'
set firewall ipv6 input filter rule 10 inbound-interface name 'pppoe0'
Note to allow the router to receive DHCPv6 response from ISP. We need to allow
packets with source port 547 (server) and destination port 546 (client).
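Review bot: `action jump` in the two new filter rules (forward filter rule 10 and input filter rule 10) is unquoted, while the other keyword values in this block are quoted ('accept', 'drop', 'WAN_IN', 'pppoe0'); write `action 'jump'` to match the rest of the example. The new lines also set no default-action on the forward or input filter themselves, so the 'drop' in WAN_IN and WAN_LOCAL is reached only by traffic matching `inbound-interface name 'pppoe0'`; a sentence saying so next to the block would help readers who copy it with a different interface name. Since the adjacent lines are being edited anyway, the trailing note ("Note to allow the router to receive DHCPv6 response from ISP. We need to allow") reads as a fragment and could be merged into one sentence.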
