Hi, I have a Debian droplet with IPv6 enabled and the eth0 interface having a global link (public routable address) and a local link.
The droplet serves as a web server, hosting a public website.
I’m implementing a firewall on the host using iptables/ip6tables. Whereas I am accepting any traffic on the local link, I am not sure if I can safely block the following ICMPv6 message types on the global link:
Router Solicitation (Type 133)
Router Advertisement (Type 134)
Neighbor Solicitation (Type 135)
Neighbor Advertisement (Type 136)
Inverse Neighbor Discovery Solicitation (Type 141)
Inverse Neighbor Discovery Advertisement (Type 142)
Listener Query (Type 130)
Listener Report (Type 131)
Listener Done (Type 132)
Listener Report v2 (Type 143)
Certificate Path Solicitation (Type 148)
Certificate Path Advertisement (Type 149)
Multicast Router Advertisement (Type 151)
Multicast Router Solicitation (Type 152)
Multicast Router Termination (Type 153)
Many thanks for any help.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $100 of credit to try our products over 60 days!