• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 Firewalling Question

Started by colonelf74, June 30, 2012, 12:27:39 PM

Previous topic - Next topic

colonelf74

I know this is rather sad, it's actually more of a subnetting question.

Basically, I have several hosts happily doing their thing in IPv6, and now I want to add
firewall rules to my Apple Airport such that at least I have some policies setup for the network(deny SSH, that sort of thing).

Following is a mondo dump of my IPv6 world...and my question is what IPv6 network address can I feed my firewall such that I can add rules without specifically referencing individual hosts?

From /etc/hosts:

#
# IPv6 Address Space
#
2002:47ef:368b::21f:f3ff:fe40:8aa    somename-wifi    somename-wifi.parents.com
2002:47ef:368b::217:f2ff:fecf:69a    somename-mac    somename-mac.parents.com
2002:47ef:368b::21f:f3ff:fecf:9ee0    somename-macbook    somename-macbook.parents.com
2002:47ef:368b::70ba:a66a:1ead:9f61    wilson        wilson.home.com
2002:c058:6301::            gateway        gateway.comcast.net

From "ifconfig -a":

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 9000
    options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
    ether 00:1f:f3:cf:9e:e0
    inet6 fe80::21f:f3ff:fecf:9ee0%en0 prefixlen 64 scopeid 0x4
    inet6 2002:47ef:368b::21f:f3ff:fecf:9ee0 prefixlen 64 autoconf
    inet6 2002:47ef:368b::a9e3:5eaa:2ced:714d prefixlen 64 autoconf temporary
    inet 10.0.1.51 netmask 0xffffff00 broadcast 10.0.1.255
    media: 1000baseT <full-duplex,flow-control>
    status: active

Any advice would be greatly appreciated.

colonelf74

Nevermind, I got it all figured out.  As it turns out, Apple's Airport Extreme just doesn't go there.

Big thanks to broquea for teaching me about "ndp", and a huge thank you to Hurricane Electric for their IPv6 TunnelBroker.  It was great while it lasted.  Heck, I'd run the service even now, but that'd be dishonest(Comcast has issues, man).