TL-R605 how to add firewall rules? (ex. block incoming IPv6)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-R605 how to add firewall rules? (ex. block incoming IPv6)
TL-R605 how to add firewall rules? (ex. block incoming IPv6)
2021-07-10 00:47:09
Hardware Version: V1
Firmware Version: 1.1.0

Hi-

 

I am using a local Omada software controller (4.4.3) to manage my network, and recently installed the (beta 1.1.0) firmware for this router. Can confirm that IPv6 is working great! Am able to use SLAAC and get real IPv6 addresses for all internal LAN devices with the /64 prefix assigned by my ISP.

 

However, within the Omada interface I can find no way to add specific firewall rules for WAN to LAN. This seems like a basic feature that is missing... is it coming in the future? For a specific example, I need to prevent incoming connections to addresses assigned to my IPv6 devices. For IPv4 w/NAT and local addresses this is less of an issue, but with IPv6 SLAAC these are real public addresses and I have confirmed they are directly accessible from the Internet. Putting aside the fact that per-device firewalls should be used as well, it is a major security problem that I can find no way to block incoming connections at the gateway level. A lot of other devices will do this by default and are configurable, but I can not find a way to prevent it with Omada+TL-R605.

 

Is there any other way to prevent incoming IPv6 connections to LAN devices? What are the future plans for allowing customized firewall rules? This functionality is critical for a lot of use cases.

 

Thank you!

0
0
#1
Options
1 Reply
Re:TL-R605 how to add firewall rules? (ex. block incoming IPv6)
2021-11-17 02:02:56

@jstorz 

 

Sorry I don't really have much to say to help...except I just enabled IPv6 on my R605 and am seeing the same behavior. I don't see any firewall rules to block anything IPv6 related from the WAN. This is concerning. 

0
0
#2
Options