Block any other Networktraffic beside IP4-Traffic?

Hi @uraltermann

Welcome to the IPFire community.

That is correct. IPv6 is being built into IPFire3.x but will still take some time.
IPFire2.x has IPv6 disabled by default in /etc/sysctl.conf

  31 net.ipv6.conf.all.disable_ipv6 = 1
  32 net.ipv6.conf.default.disable_ipv6 = 1
  35 net.ipv6.conf.all.accept_redirects = 0
  36 net.ipv6.conf.default.accept_redirects = 0

All the firewall rules, as far as I can tell (limited knowledge) by searching in the git repository are using iptables which is IPv4 based.

If you have IPv6 traffic on your lan network then you will probably need to write your own firewall rules into some script using ip6tables which exists in IPFire. You will not be able to do this via the WUI. Also your rules, I would expect, will also need to use the ip6tables-apply, ip6tables-restore and ip6tables-save commands in the appropriate way to make the rules you raise valid. That script would then need to be run during the startup of IPFire, so would an initscript to run it.

I don’t believe you can use firewall.local because I believe that takes any rules listed in there and runs them via iptables and hence only for IPv4.

Maybe someone else with better understanding of how the firewall rules are used in IPFire can comment further.

1 Like