Block incoming IPv6 access to LAN clients with firewalld?
I'm just getting started in the IPv6 world but have run into a problem that I can't solve involving firewalld on F20.
I do all of my routing through my F20 server and use firewalld (with firewall-config for ease of configuration).
Here is my IPv6 setup:
bond0 (LAN) - fe80::/64 and 2601::/64
p3p1 (WAN) - fe80::/64 only
p3p1 in external zone in firewalld with allowed services/port forwards
dnsmasq is serving 2601::/64 IPs to my LAN machines on bond0 and doing RAs. Firewalld is not blocking anything incoming for those LAN machines. For services local to the server, firewalld IS blocking/allowing IPv6 traffic as expected.
Is there something I can add to firewalld to block incoming IPv6 traffic to my LAN?
Thanks!!
|