StaplesMan
Technical User
I use a Cisco 1841 router as my firewall. Mediacom my ISP just enabled IPv6 support. I have it working now, but trying to track down a good ACL for inbound traffic. I want to block pings but at the same time must allow for DHCP and PD to work correctly. Currently this is my working access list:
ipv6 access-list IPv6_In
permit udp FE80::/64 any eq 546
permit icmp any any unreachable
permit icmp any any packet-too-big
permit icmp any any hop-limit
permit icmp any any next-header
permit icmp any any parameter-option
permit icmp any any reassembly-timeout
permit icmp any any header
permit icmp any any router-advertisement
permit icmp any any nd-ns
permit icmp any any nd-na
deny ipv6 any any log
Should all of my entries be sourced by FE80::/64 and not "any"?
CCNA, A+, HP Certified Professional
ipv6 access-list IPv6_In
permit udp FE80::/64 any eq 546
permit icmp any any unreachable
permit icmp any any packet-too-big
permit icmp any any hop-limit
permit icmp any any next-header
permit icmp any any parameter-option
permit icmp any any reassembly-timeout
permit icmp any any header
permit icmp any any router-advertisement
permit icmp any any nd-ns
permit icmp any any nd-na
deny ipv6 any any log
Should all of my entries be sourced by FE80::/64 and not "any"?
CCNA, A+, HP Certified Professional