Block Ping to IPv6 Devices

I'm probably being obtuse, but shouldn't disabling the default Firewall Traffic Rule Allow-ICMPv6-Forward disable any ping from WAN to any IPv6 device? Because it doesn't.

I'm forced to use IPv6 alongside v4, but I don't have the mental capacity to get accustomed to v6, so I'd like to have only the bare minimum enabled, without any direct access from WAN to my clients (that's all set up via v4). The ports are all shut, but I can still ping my devices from outside.

Thanks for any help, happy to post my relevant configurations.

You need some/most ICMPv6 so that IPv6 works.

Okay thanks, so you're basically just not supposed/able to block pings to IPv6 addresses?

What's the issue then?

  1. Coming from a lifetime of NAT, this just feels wrong. If it's generally supposed to be best practice then I'm fine with it.
  2. Even if I'll revert it because of 1., disabling ICMPv6-Forward should still block pings, no?

End to end connectivity has always been best practice.

It does on my device.
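An added example, not posted by anyone in this thread: a narrower alternative to disabling Allow-ICMPv6-Forward is to keep the rule but drop `echo-request` from its type list, so the error messages IPv6 relies on are still forwarded while unsolicited pings from WAN fall through to the zone's forward policy. It assumes the stock OpenWrt rule layout in `/etc/config/firewall`, a WAN zone named `wan`, and a `wan` forward policy of REJECT or DROP.

```uci
# /etc/config/firewall (fragment)
# Edited version of the default Allow-ICMPv6-Forward rule.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	option family 'ipv6'
	# 'echo-request' deliberately omitted: inbound pings to LAN hosts are
	# no longer matched here and hit the wan zone's forward policy instead.
	list icmp_type 'echo-reply'
	# Error messages that path MTU discovery and normal IPv6 operation need:
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option target 'ACCEPT'
```

Reload the firewall after editing for the change to take effect. This rule covers only traffic forwarded to devices behind the router; pings to the router's own address are governed by the separate input rule.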

