Bug #13392

closed

IPv6 firewall exposing all global addresses on LAN.

Added by João Oliveira about 3 years ago. Updated about 3 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: DHCP Server (IPv6)
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Default
Affected Plus Version:
Affected Architecture:

Description

Hello.

I’ve just configured IPv6 provided by my ISP with the following settings:

Interfaces --> WAN --> DHCP6 Client Configuration --> DHCPv6 Prefix Delegation size="56"

Request only an IPv6 prefix - selected
Do not wait for a RA - selected

Interfaces --> LAN --> General Configuration --> IPv6 Configuration Type="Track Interface"
Interfaces --> LAN --> Track IPv6 Interface --> IPv6 Interface="WAN"
Interfaces --> LAN --> Track IPv6 Interface --> IPv6 Prefix ID="0" --> Save
Services --> DHCPv6 Server & RA --> Router Advertisements --> Router mode="Unmanaged"
(Note: I don’t get any IPv6 global address on my WAN interface, only link-local. This is how my ISP works, apparently.)

Everything works fine and I get global addresses for all my machines on the LAN interface. The problem is that all ports on those machines are wide open to the internet and I can, for example, SSH into some of the VMs I have running in my homelab without even setting any firewall rules on the WAN interface.
I was told on the Netgate forum that this is not normal behavior and that even global addresses should only be accessible if firewall rules are set on the WAN interface. The same is confirmed by the Netgate docs.

Can someone replicate the problem?
