[Firehol-support] Success story with IPv6-firehol

Klaus Kruse kkruse.1987 at googlemail.com
Wed Jul 27 10:03:27 BST 2011 

Hello Firehol-users,

My last weekend-project was to make my small home network IPv6-ready
with a SIXXS-tunnel . Needless to say, the needed firewallng should
integrate well into my existing firehol configuration. So, I give Phil
Whinerays IPv6-enhanced firehol version [2] a try. And...it just
works! If any needs IPv6-support for his firehol configuration, you
should go with this.

Here's my (simplified) config:

version 5

interface eth0 homenetwork
	policy reject
	server "blablabla" accept
	server ipv6error accept
	client ipv6neigh accept
	server ipv6neigh accept
	client ipv6router accept
	server ipv6router accept
	ipv6 server ping accept
	client all accept

interface eth1 guestwifi
	policy reject
	server "bla" accept
	server ipv6error accept
        client ipv6neigh accept
        server ipv6neigh accept
        client ipv6router accept
        server ipv6router accept
	ipv6 server ping accept
	client all accept

interface tun0 internet
	policy drop
	protection strong	
	server "bla" accept	
	client all accept	

interface sixxs ipv6
	policy drop
	protection strong
	server ipv6error accept
	client ipv6neigh accept
	server ipv6neigh accept
	client ipv6router accept
	server ipv6router accept
	ipv6 server ping accept	
	client all accept	

router homenetwork2internet inface eth0 outface tun0
	ipv4 masquerade
	route all accept

router homenetwork2internet inface eth1 outface tun0
	ipv4 masquerade
	route all accept

router homenetwork2guestwifi inface eth0 outface eth1
	ipv4 masquerade
	route all accept

router homenetwork2ipv6 inface eth0 outface sixxs
	route all accept

router guestwifi2ipv6 inface eth1 outface sixxs
	route all accept	


You probably need aiccu and radvd well configured. In my case, I used
a AYIYA tunnel and radvd listens on eth0 & eth1 [3].

Greets,
Klaus


[1] http://www.sixxs.net/
[2] http://sourceforge.net/mailarchive/message.php?msg_id=27014139
[3] Tons of howtos available in the internet. Some of them didn't
mention, that you have to manually give your routers network interface
an adress from your subnet or the routing won't work.

More information about the Firehol-support mailing list