Firewall rule to block IPv6 traffic over WireGuard

Is there a way to block IPv6 traffic for all traffic over my WireGuard interface?
I use policy routing for some IoT devices and they are behind a WireGuard VPN. But of course IPv6 is leaking, because all devices are on IPv4 and IPv6.
But if there is a way to block IPv6 traffic on my WG0 interface then only IPv4 traffic has access.

Using OpenWrt 22.03.3 on a Raspberry Pi 4B.

Something like:
reject IPv6 traffic from lan to wg0?

```
config rule
	option name 'block ipv6 traffic over WG0'
	option family 'ipv6'
	list proto 'all'
	option src 'lan'
	option dest 'Wireguard'
	option target 'REJECT'
```

I don't think this is an issue. Wireguard doesn't allow any traffic that's not from an allowed_ip, and no IPv6 IPs are allowed by default. Wireguard interfaces don't even get a link-local IPv6 by default.

Wiki WireGuard extras

Disable Gateway Redirection

ipv6 Gateway

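Added example, not part of the thread: a way to check the reply's point about allowed IPs on your own router by scanning the output of `wg show wg0 allowed-ips` for IPv6 prefixes. The interface name `wg0` is taken from the question; the peer keys and prefixes in the sample listings are constructed.

```shell
#!/bin/sh
# Added example: list IPv6 prefixes in `wg show <iface> allowed-ips` output.
# Input format (one line per peer): <public-key><TAB><prefix> <prefix> ...

ipv6_allowed_ips() {
    # Reads the listing on stdin, prints "<peer> <prefix>" for every IPv6
    # prefix, and returns 0 if at least one was found, 1 otherwise.
    awk '
        {
            # Field 1 is the peer key; every later field is one prefix.
            for (i = 2; i <= NF; i++)
                if (index($i, ":") > 0) { print $1, $i; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample listings (placeholder keys, not real peers).
SAMPLE_V4_ONLY=$(printf 'PEERKEYAAAA=\t0.0.0.0/0')
SAMPLE_DUAL=$(printf 'PEERKEYAAAA=\t0.0.0.0/0 ::/0\nPEERKEYBBBB=\t10.8.0.2/32')

check_listing() {
    # Report whether any peer in the given listing accepts IPv6 prefixes.
    if out=$(printf '%s\n' "$1" | ipv6_allowed_ips); then
        printf 'IPv6 prefixes are allowed on the tunnel:\n%s\n' "$out"
    else
        echo 'no IPv6 allowed IPs configured on any peer'
    fi
}

check_listing "$SAMPLE_V4_ONLY"
check_listing "$SAMPLE_DUAL"
# On the router: wg show wg0 allowed-ips | ipv6_allowed_ips
```
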
