5.2.12. IPv6 Network Object

Shortcuts

From Our Users

As an IT outsourcing provider to small and mid sized companies Lemon Computing uses Firewall Builder to manage firewalls at customer sites and in our data centre.

Search Users Guide

Download Users Guide in PDF format (~17MB)

5.2.12. IPv6 Network Object
Prev		Next

5.2.12. IPv6 Network Object

Figure 5.57. IPv6 Network Object

The network object describes an IPv6 network or subnet. This object is very similar to the IPv4 network object, except you can only enter netmask as a bit length. Use main menu "Net Object / New Network IPv6" item to create objects of this type.

Let's see what we get if we use an IPv6 network object in a policy rule as shown:

Figure 5.58. IPv6 Network Object Used in a Rule

Here is the command generated for iptables:

$IP6TABLES -A FORWARD -p tcp -m tcp  -s 2001:470:1f0e:162::/64  --dport 80  \
-m state --state NEW  -j ACCEPT

Here is what we get for PF:

pass in   quick inet6 proto tcp  from 2001:470:1f0e:162::/64  to any port 80 keep state
pass out  quick inet6 proto tcp  from 2001:470:1f0e:162::/64  to any port 80 keep state

Here is the output for Cisco IOS access lists (only one ACL is shown):

ipv6 access-list ipv6_outside_out
  permit tcp 2001:470:1f0e:162::/64 any  eq 80 
exit

interface eth0
  ipv6 traffic-filter ipv6_outside_out out
exit

There is no IPv6 support for Cisco ASA (PIX) in Firewall Builder at this time.

Prev	Up	Next
5.2.11. IPv4 Network Object	Home	5.2.13. Address Range Object

FirewallBuilder

Shortcuts

From Our Users

Search Users Guide

5.2.12. IPv6 Network Object