I’m trying to connect up to an IXP, and they are indicating that there is MLD Multicast traffic noise on the links I have with them. Under a TCP dump I can see that there is Multicast Listener traffic. Is there any way to disable the IPv6 listener on VyOS?
Thanks for the response. I’ve attempted to play with the tunable in sysctl to no avail.
I’ve applied this:
set firewall ipv6 name eth1_vif101_in default-action accept
set firewall ipv6 name eth1_vif101_in rule 10 action drop
set firewall ipv6 name eth1_vif101_in rule 10 protocol ipv6-icmp
set firewall ipv6 name eth1_vif101_in rule 10 icmpv6 type 130
set firewall ipv6 name eth1_vif101_in rule 20 action drop
set firewall ipv6 name eth1_vif101_in rule 20 protocol ipv6-icmp
set firewall ipv6 name eth1_vif101_in rule 20 icmpv6 type 143
set firewall ipv6 input filter rule 5 action 'jump'
set firewall ipv6 input filter rule 5 inbound-interface name 'eth1.101'
set firewall ipv6 input filter rule 5 jump-target 'eth1_vif101_in'
But ideally I’d really not want the firewall running on this interface as this is a router.
If you’re trying to control what you’re sending to the IXP, then you’ll want that in the output chain.
Traffic that traverses VyOS (is routed) will go over the forward chain, so those rules won’t be hit for your routed traffic. You realistically should be using the input chain to secure VyOS itself.
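A check one could run on a capture from the IXP-facing interface, added here as an example and not part of the thread: it walks IPv6 extension headers to find ICMPv6 MLD messages and reports any whose type the posted rules 10 and 20 (types 130 and 143) would not match. The function names and sample packets are constructed for illustration; input is assumed to be raw IPv6 packets with the link-layer header removed.

```python
import ipaddress
import struct
from collections import Counter

# ICMPv6 types used by MLD (RFC 2710, RFC 3810).
MLD_TYPES = {130: "MLD Query", 131: "MLDv1 Report", 132: "MLDv1 Done", 143: "MLDv2 Report"}
ICMPV6, FRAGMENT = 58, 44
VARIABLE_EXT = {0, 43, 60}  # Hop-by-Hop, Routing, Destination Options

def mld_type(packet: bytes):
    """Return the MLD ICMPv6 type of a raw IPv6 packet, or None if it is not MLD."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    nxt, off = packet[6], 40
    # MLD carries a Hop-by-Hop Router Alert, so extension headers must be walked.
    while nxt in VARIABLE_EXT or nxt == FRAGMENT:
        if off + 8 > len(packet):
            return None
        size = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + size
    if nxt != ICMPV6 or off >= len(packet):
        return None
    return packet[off] if packet[off] in MLD_TYPES else None

def missed_by_rules(packets, dropped=frozenset({130, 143})):
    """Count MLD messages whose type is not in the dropped set (rules 10 and 20 above)."""
    seen = Counter(t for t in map(mld_type, packets) if t is not None)
    return {MLD_TYPES[t]: n for t, n in seen.items() if t not in dropped}

def build(src: str, dst: str, icmp_type: int) -> bytes:
    """Constructed sample packet: IPv6 + Hop-by-Hop (Router Alert, PadN) + ICMPv6 stub."""
    hbh = bytes([ICMPV6, 0, 0x05, 0x02, 0x00, 0x00, 0x01, 0x00])
    payload = hbh + bytes([icmp_type, 0, 0, 0]) + bytes(20)
    header = struct.pack("!IHBB", 0x60000000, len(payload), 0, 1)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

# Constructed samples, not traffic from the thread.
SAMPLES = [
    build("fe80::1", "ff02::16", 143),        # MLDv2 report
    build("fe80::1", "ff02::1:ff00:1", 131),  # MLDv1 report
    build("fe80::1", "ff02::1", 128),         # echo request, not MLD
]

if __name__ == "__main__":
    print(missed_by_rules(SAMPLES))
```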