Some of certification tests could cover IPv6 firewall. For example:
make HTTP server (preferably on non-default port -- if not can be harmful for production servers) reachable only from 2001:db8:1337:cafe::/64 (of course this is example netmask).
More complicated filters could be:
remote TCP port,
or even ip6tables-specific like
break connection after sending 16384 bytes (could be cheated with httpd, however)
quota
etc etc
...
Quote from: adiblol on January 11, 2012, 07:03:16 AM
Some of certification tests could cover IPv6 firewall. For example:
make HTTP server (preferably on non-default port -- if not can be harmful for production servers) reachable only from 2001:db8:1337:cafe::/64 (of course this is example netmask).
Anything would need to be OS-neutral in my opinion. I did this for my test setup for the http and smtp servers by setting up an ipv6 access list on my router.