Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
Which ICMPv6 message types to block on a web server
Hi, I have a Debian droplet with IPv6 enabled and the eth0 interface having a global link (public routable address) and a local link.
The droplet serves as a web server, hosting a public website.
I’m implementing a firewall on the host using iptables/ip6tables. Whereas I am accepting any traffic on the local link, I am not sure if I can safely block the following ICMPv6 message types on the global link:
- Router Solicitation (Type 133)
- Router Advertisement (Type 134)
- Neighbor Solicitation (Type 135)
- Neighbor Advertisement (Type 136)
- Inverse Neighbor Discovery Solicitation (Type 141)
Inverse Neighbor Discovery Advertisement (Type 142)
Listener Query (Type 130)
Listener Report (Type 131)
Listener Done (Type 132)
Listener Report v2 (Type 143)
Certificate Path Solicitation (Type 148)
Certificate Path Advertisement (Type 149)
Multicast Router Advertisement (Type 151)
Multicast Router Solicitation (Type 152)
Multicast Router Termination (Type 153)
Many thanks for any help.