IPv6 Firewall rules - TL-R605 v1 1.1.1
Starting to play around with IPv6 and it all works so fare very well... although I'm curious if I can find somewhere in the controller settings to adjust/manage firewall rules for IPv6.
Currently ports and services are exposed to the Internet via IPv6, of course I can do host based firewalls, but preferably do it on the router for the whole LAN.
To decrease the attack surface, I currently disabled IPv6 and enable it only when I play around with it.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Fae wrote
Dear @paderijk, @add1n1, @anzenketh, and other community members,
Thank you so much for showing your great attention to the IPv6 Firewall rules on the Omada Routers!
It's confirmed that IPv6 Firewall rule is planned to be supported in the firmware adapted to Omada Controller v5.9, which can be expected to release in the end of December. So stay tuned!
Note: All of our releases are subject to advancement or postponement. The release time mentioned here is for your reference only, it's subject to the actual firmware condition.
Thanks for your response!
The reason we keep asking is because IPv6 ACL was on the road map for the ER605 V1 but was later abandoned for some reason which you now say was the hardware limitation. What I'm wondering is wasn't the hardware limitation known when the plan was initially made?
I understand your plans are subject to change but it would be nice to get some clarity on the whole situation.
Really appreciate the bug fixes and the security patches.
Thanks
- Copy Link
- Report Inappropriate Content
Hi @HomeGeek23
Thanks for posting in our business forum.
HomeGeek23 wrote
Fae wrote
Dear @paderijk, @add1n1, @anzenketh, and other community members,
Thank you so much for showing your great attention to the IPv6 Firewall rules on the Omada Routers!
It's confirmed that IPv6 Firewall rule is planned to be supported in the firmware adapted to Omada Controller v5.9, which can be expected to release in the end of December. So stay tuned!
Note: All of our releases are subject to advancement or postponement. The release time mentioned here is for your reference only, it's subject to the actual firmware condition.
Thanks for your response!
The reason we keep asking is because IPv6 ACL was on the road map for the ER605 V1 but was later abandoned for some reason which you now say was the hardware limitation. What I'm wondering is wasn't the hardware limitation known when the plan was initially made?
I understand your plans are subject to change but it would be nice to get some clarity on the whole situation.
Really appreciate the bug fixes and the security patches.
Thanks
That was not a guarantee. Fae did not know if this IPv6 firewall was applied to the V1 or V2. So it is the fact that there is a plan to add it but Fae did not guarantee you this feature would be added to the V1.
Fae said that the IPv6 firewall was added to the controller on the V5.9 Controller. But did not say if it is gonna be implemented in the routers.
And, ER605 V1 was estimated to stop its product 2 years ago.
I hope you can correct what you said in my quote above. I have corrected you once in the previous reply. Please stop distorting the statement by my former colleague.
Because of repeated feature requests on V1 even after its EOL, we asked and later knew that the V1 ran out of its hardware resources. In order to keep it working smoothly with the settings(confg) of the max, the dev determines to stop adding new features.
To be exact, there is with very small amount of hardware resources but it is not enough to support any new features and this remaining resource is to keep the max config on the router running smoothly.
I hope I have explained the situation clearly. I am being very blunt about the facts and situation. I cannot go any further.
Firewall is very demanding. Even with the ER7206 or later model, if you have too many rules, that would make the router boot slowly because it needs to generate the firewall and iptables behind the scenes.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A. Thanks for your response.
I want to make it clear that I'm not demanding anything from you or your team. I'm trying to understand the process behind the decision making because this is a feature many of us were looking forward to.
And I'm not trying to distort what your former colleague had previously said. I even made it clear that I understand your statements and plans are subject to change. I'm not holding you or any of your team members to it. I was just trying to understand the situation and given the time frame of the message I had quoted, seemed to me this was going to implemented for the ER605 V1, espescially since this thread is specifically for that hardware revision.
Anyway, thank you for clarifying this misunderstanding and I appreciate your clear and blunt message. But also want you to know I'm not trying to be hostile or confrontational. I was trying to understand why this feature was not implemented.
Also if you had any update on the security patch update I would really appreciate that.
Thanks
- Copy Link
- Report Inappropriate Content
@Fae / Others
This morning I received the update (2.2.3 Build 20231201 Rel.32918) for my TL-R605 v2 which enabled IPv6 ACLs via the Omada SDN...
All works great!
Thanks for the Christmas present!
Merry Christmas and a Happy New year!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 27
Views: 21450
Replies: 84