Starting to get to the finish line with my home router, but wonder what’s the correct way to block all ipv6. I don’t see that I will use ipv6 in a foreseeable future at home.
I found a thread with someone disabling it in kernel, but wonder if bellow is enough?
# Disable ipv6
- set firewall ipv6 input filter default-action 'drop'
- set firewall ipv6 forward filter default-action 'drop'
- set system ipv6 disable-forwarding
Yes it should be enough.
set system ipv6 disable-forwarding
will disable IPv6 routing.
And extra safety is to block it through the firewall aswell:
set firewall ipv6 input filter default-action ‘drop’
set firewall ipv6 output filter default-action ‘drop’
set firewall ipv6 forward filter default-action ‘drop’
Just make sure that you dont have any other IPv6 rules in input/output/forward who will accept traffic.
You can also as a third option in combination with above to be REALLY sure add this to the linux-line in grub.cfg:
ipv6.disable=1
Note however that the above addition to the Linux kernel might break things in various apps.
2 Likes