as I have understood ipfire does not support ipv6 by now.
At the moment it looks like, that any ipv6 traffice is - by default - bypassing ipfire (and my routing-rules) and “reaches” anything in the WAN.
My fireoptions r:
NAT in use.
What do I have to do so that only ipv4-traffice is allowed through by the firewall?
All the firewall rules, as far as I can tell (limited knowledge) by searching in the git repository are using iptables which is IPv4 based.
If you have IPv6 traffic on your lan network then you will probably need to write your own firewall rules into some script using ip6tables which exists in IPFire. You will not be able to do this via the WUI. Also your rules, I would expect, will also need to use the ip6tables-apply, ip6tables-restore and ip6tables-save commands in the appropriate way to make the rules you raise valid. That script would then need to be run during the startup of IPFire, so would an initscript to run it.
I don’t believe you can use firewall.local because I believe that takes any rules listed in there and runs them via iptables and hence only for IPv4.
Maybe someone else with better understanding of how the firewall rules are used in IPFire can comment further.
I’ve just tried to reproduce the situation with my W10 system.
If I only activate IPv6 there is no internet connection. So IPv6 traffic isn’t passed through IPFire.
I think you have some other problem. How is your client connected?
But this refers to IPv4!
If IPv6 traffic is possible, there must be some other connection to the internet.
The ‘standard’ is WAN <---> access device ( modem, ... ) <---> IPFire <---> LAN with clients
The two local networks are IPv4 only.
@uraltermann , if the IPv6 traffic is accomplished by tunneling, this post may be interesting.
New user with IPFire.
The way that I setup the network is that I use IPFire also as a DHCP server. This server does not pass IPv6 adresses.
Maybe something to test out. My setup did not pass IPv6.
(though I use a home network and I also disabled IPv6 on all clients)