Posted: Tue Dec 27, 2022 17:19 Post subject: How do I secure my ipv6 on DD-Wrt
Router Model Linksys WRT1900ACS
Firmware Version DD-WRT v3.0-r51043 std (12/19/22)
I use IPv6 on my network but I see that it's not secure at all,
how do I secure it using the firewall?
Alternatively, add the following lines to /etc/config/network and restart the network service:
config interface 'wan_6'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option device '@wan'
Added a traffic rule as the LAST rule: From WAN, any protocol, IPv4 and IPv6, destination any zone, action DROP. All green now. You just need to decide if you want to filter or drop (Stealth).
That's because I had the default policy set to "accept". Alternatively, not using the rule and setting the default policy to "drop":
_________________
Internet provider https://en.wikipedia.org/wiki/RCS_%26_RDS 1Gbps
WDR3600 rev.1.5 - DD-Wrt
Linksys WRT1900ACS v.2 DD-Wrt/-OpenWrt
Same result, all green. Removed echo request from the allowed ICMP incoming rule, and now ping goes stealth as well:
Joined: 18 Mar 2014 Posts: 12834 Location: Netherlands
Posted: Tue Dec 27, 2022 18:13 Post subject:
If you drop all traffic it is like disabling IPv6.
DDWRT also has a DROP rule in place, but if you add a drop rule it will be placed on top basically disabling everything:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
23M 27G ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED
61890 30M ACCEPT all * eth0 ::/0 ::/0
1 168 ACCEPT icmpv6 * * ::/0 ::/0 limit: avg 30/min burst 5
3395 231K REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited
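The rule-order point in the post above, as an added example that is not part of the thread and is not DD-WRT code: a first-match walk over a simplified model of the quoted FORWARD chain. The sample packets, the `br0` LAN interface name and the reading of `eth0` as the WAN side are assumptions; counters and the ICMPv6 rate limit are not modelled.

```python
# Added illustration: first-match evaluation over a simplified model of the
# ip6tables FORWARD chain quoted in the post. Assumptions: eth0 is the WAN
# side, br0 is the LAN bridge; counters and the ICMPv6 rate limit are ignored.

STOCK_FORWARD = [
    ("ACCEPT", lambda p: p["state"] in ("RELATED", "ESTABLISHED")),
    ("ACCEPT", lambda p: p["out"] == "eth0"),      # LAN -> WAN
    ("ACCEPT", lambda p: p["proto"] == "icmpv6"),  # limit 30/min not modelled
    ("REJECT", lambda p: True),                    # icmp6-adm-prohibited
]
DROP_ALL = ("DROP", lambda p: True)

# Constructed sample packets (not captured traffic).
PACKETS = {
    "reply to LAN-initiated TCP": {"state": "ESTABLISHED", "out": "br0", "proto": "tcp"},
    "new outbound TCP from LAN": {"state": "NEW", "out": "eth0", "proto": "tcp"},
    "unsolicited inbound TCP": {"state": "NEW", "out": "br0", "proto": "tcp"},
    "inbound ICMPv6": {"state": "NEW", "out": "br0", "proto": "icmpv6"},
}

def verdict(chain, packet, policy="ACCEPT"):
    """Target of the first rule that matches, else the chain policy."""
    for target, matches in chain:
        if matches(packet):
            return target
    return policy

def evaluate(chain):
    """Verdict for every sample packet under the given rule order."""
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}

def variants():
    """The stock chain plus three ways of adding a catch-all DROP."""
    return {
        "stock": STOCK_FORWARD,
        "drop inserted on top": [DROP_ALL] + STOCK_FORWARD,
        "drop appended last": STOCK_FORWARD + [DROP_ALL],
        "final REJECT swapped for DROP": STOCK_FORWARD[:-1] + [DROP_ALL],
    }

if __name__ == "__main__":
    for label, chain in variants().items():
        print(label)
        for name, result in evaluate(chain).items():
            print(f"  {name:28} {result}")
```

Inserted on top, the DROP matches before the RELATED,ESTABLISHED rule, so even replies to LAN-initiated connections are lost; appended last, it is never reached because the stock REJECT already matches everything.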
I was thinking how for IPv4 you can assign some rules, as is the case with OpenWrt, which by default does not come set with the following rules, but I respect DD-WRT, which passes the test https://www.grc.com/x/ne.dll?rh1dkyd2 with standard settings ...
Honestly, I'm not a network specialist; I thought I could bring certain things to your attention, maybe some implemented things can work for DD-WRT too.
Finally, DD-wrt takes important steps in implementing IPV6, the test is passed with the default settings, I just wanted to update this topic!
Finally, DD-wrt takes important steps in implementing IPV6, the test is passed with the default settings, I just wanted to update this topic!
Interesting, thanks! I tried that port test link ( https://ipv6.chappell-family.com/ipv6tcptest/ ) with IPV6 disabled and got an expected error for accessing with an IPV4 address. Then I tried enabling IPV6, but could no longer access the page at all. I had the DHCPv6 type enabled. Was your green result with a different type enabled? If not, I guess I must have an incompatibility with my firewall and/or VPN.
_________________
My DD-WRT Routers:
Linksys WRT3200ACM - Marvell
Linksys WRT1900ACS - Marvell
Netgear R9000 - Atheros
Netgear R7000 - Broadcom
PC x86-64 VM - Atheros
My only setting in the IPv6 tab is the choice of IPv6 connection type: DHCPv6 with Prefix Delegation.
I have a question, do you think it is possible for ICMPv6 ECHO REQUEST returned to also receive ECHO NO REPLY in the test?
In OpenWrt I removed echo request from the allowed ICMP incoming rule, and now ping goes stealth as well.
I recently visited a friend who bought a tplink router and I noticed that it passes the test without problems with the original software, with the default settings!