Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
IPv6 Firewall rules for a MikroTik router to allow outgoing connections, but block incoming, unless they are responses...
/ipv6 firewall filter
add action=accept chain=input comment="Allow established connections" connection-state=established disabled=no
add action=accept chain=input comment="Allow related connections" connection-state=related disabled=no
add action=accept chain=input comment="Allow limited ICMP" disabled=no limit=50/5s,5 protocol=icmpv6
add action=accept chain=input comment="Allow UDP" disabled=no protocol=udp
add action=drop chain=input comment="" disabled=no
add action=accept chain=forward comment="Allow any to internet" disabled=no out-interface=sit1
add action=accept chain=forward comment="Allow established connections" connection-state=established disabled=no
add action=accept chain=forward comment="Allow related connections" connection-state=related disabled=no
add action=drop chain=forward comment="" disabled=no
@jrbenito

This comment has been minimized.

Copy link

commented May 20, 2014

You should allow forward ICMPv6 because this protocol is very important on fragmentation and discovery processes.

@dluciv

This comment has been minimized.

Copy link

commented Apr 2, 2017

Like this add action=accept chain=forward comment="Allow limited ICMP forwarding" disabled=no limit=50/5s,5 protocol=icmpv6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.