Dňa 8. októbra 2024 21:18:14 UTC používateľ Martin Brampton <martin@xxxxxxxxxxxxxxxxxxxxxxxx> napísal: >Is this a sensible rule? > > icmpv6 type { destination-unreachable, packet-too-big, >time-exceeded, parameter-problem, echo-request, mld-listener-query, >nd-router-solicit, nd-router-advert, nd-neighbor-solicit, >nd-neighbor-advert } accept For IPv6 here is one simple rule: you must not block NDP, nor in INPUT, nor in OUTPUT, it will make your life more easy. When you understand NDP in more details, you can limit it for more security, if not, just allow all icmpv6. Do not try to be too smart, othervise you will break IPv6. regards -- Slavko https://www.slavino.sk/