version 6 # # Basic template for a host, showing use of the ICMPv6 helper commands # to allow correct operation of IPv6. # lan=lan0 wan=wan0 # The following are needed for correct ipv6 operation on a host. # # We set up a firehol interface which matches any real interface # for icmpv6 traffic. This is given a policy of return so anything # not handled here will be processed in a normal firehol interace. # # The key provision is there is no src/dst supplied which will # interfere since can be sent to multicast addresses, even in # the case where they are not unsolicited. ipv6 interface any ipv6interop proto icmpv6 policy return client ipv6neigh accept server ipv6neigh accept client ipv6mld accept client ipv6router accept # If this machine is routing traffic, it will need to be able # to send Router Advertisment messages and Multicast Listener Queries #server ipv6router accept #server ipv6mld accept interface "$lan" lan policy reject client all accept server ssh accept server ping accept interface "$wan" wan protection strong policy deny client all accept server ping accept router lan2wan inface "$lan" outface "$wan" # Neighbour Discovery / Router Discovery packets should not # traverse a firewall normally. You may need to add some rules # if you are firewalling a bridge.