Hello,
I'd like to block all IPv6-traffic coming from a specific IP on my LAN.
I have a PC on my LAN that causes my DSL-modem to reset from time to time. Battling this issue for weeks I'm thinking that it might be due to IPv6-packages.
My ISP swapped my modem two times and has now sent me third, newer model, but this also resets when connecting the pc (Raspberry Pi) to the network after a while.
Route is: RPi -> switch -> internal-nic -> external-nic -> DSL-modem.
In/External-nic is on the FreeBSD-box.
I'm thinking that I can make my FreeBSD server (which acts as router/gateway/firewall) filter the packets that is causing the reset on the modem.
But how ?
in my /etc/rc.conf I've put:
I've also done
but it does not seem to do the trick. Im guessing that PF still lets the packets pass through (?).
In pf.conf I've tried with this to deny ALL traffic but the RPi still connects to the internet:
(warning: Im -not- familiar with fw-rules and I have a hard time understanding them, so please excuse my poor skills on this)
My reasoning for the rules is that I want to know which lines work and dont work, and when confirmed I'll later be able to specify that only IPv6-traffic is to be blocked.
(If you are wondering why I dont just disable IPv6 on the Raspberry its because I've already tried, and failed. And also, when trying out new distros/images it seems to be the default that IPv6 is enabled and so it would be "easier" to just block that traffic once and for all outside the RPi).
Software:
FreeBSD 8.2-Stable
Hardware:
Source of problems - Raspberry Pi
DSL Modem 1 - Zyxel p2602R-d1a
DSL Modem 2 - Zyxel p2601hn-f1
(another strange thing is that all modems is configured (by the ISP) as bridges but I guess they still react to some specific kinds of packets).
I'd like to block all IPv6-traffic coming from a specific IP on my LAN.
I have a PC on my LAN that causes my DSL-modem to reset from time to time. Battling this issue for weeks I'm thinking that it might be due to IPv6-packages.
My ISP swapped my modem two times and has now sent me third, newer model, but this also resets when connecting the pc (Raspberry Pi) to the network after a while.
Route is: RPi -> switch -> internal-nic -> external-nic -> DSL-modem.
In/External-nic is on the FreeBSD-box.
I'm thinking that I can make my FreeBSD server (which acts as router/gateway/firewall) filter the packets that is causing the reset on the modem.
But how ?
in my /etc/rc.conf I've put:
Code:
ipv6_enable="NO"
Code:
sysctl net.inet6.ip6.forwarding=0In pf.conf I've tried with this to deny ALL traffic but the RPi still connects to the internet:
Code:
block out quick on $External from $RPi to any
block out quick on $External from $RPiWifi to any
block in quick on $External from $RPi to any
block in quick on $External from $RPiWifi to anyMy reasoning for the rules is that I want to know which lines work and dont work, and when confirmed I'll later be able to specify that only IPv6-traffic is to be blocked.
(If you are wondering why I dont just disable IPv6 on the Raspberry its because I've already tried, and failed. And also, when trying out new distros/images it seems to be the default that IPv6 is enabled and so it would be "easier" to just block that traffic once and for all outside the RPi).
Software:
FreeBSD 8.2-Stable
Hardware:
Source of problems - Raspberry Pi
DSL Modem 1 - Zyxel p2602R-d1a
DSL Modem 2 - Zyxel p2601hn-f1
(another strange thing is that all modems is configured (by the ISP) as bridges but I guess they still react to some specific kinds of packets).