ipv6 firewall

[Thaldan]

Hello

It seem there is no ipv6 firewall implementation in ADM, is this something plane or may be have I miss something?

If this is something really missing, in 2024 that will be a good thing to add.

Take care.

[father.mande]

Hi,

Please send your request directly to Asustor through Asustor support form ... because it's not sure that Asustor read all "user" forum wanted features.

F.Y.I.
I have added some ip6tables kernel modules and create link for ip6tables in tailscale-native APKG for some series (not EOL)

It's limited to part require for my APKG (table filter, table nat, mark, etc.) it's not a complete port
result are like this :
kernel modules (depends of kernel version) :

Code: Select all

ip6table_nat 16384 0 - Live 0xffffffffa0792000
ip6table_mangle 16384 0 - Live 0xffffffffa078d000
ip6table_filter 16384 0 - Live 0xffffffffa0788000
ip6_tables 28672 3 ip6table_nat,ip6table_mangle,ip6table_filter, Live 0xffffffffa0780000
xt_mark 16384 3 - Live 0xffffffffa077b000

tables managed (depends of kernel modules here before :

Code: Select all

root@AS5202Taphil:/volume1/.@root # ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ts-input   all      anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ts-forward  all      anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ts-forward (1 references)
target     prot opt source               destination
MARK       all      anywhere             anywhere             MARK xset 0x40000/0xff0000
ACCEPT     all      anywhere             anywhere             mark match 0x40000/0xff0000
DROP       all      anywhere             anywhere             ! ctstate RELATED,ESTABLISHED
ACCEPT     all      anywhere             anywhere

Chain ts-input (1 references)
target     prot opt source               destination
ACCEPT     all      as5202taphil.XXXXXX.ts.net  anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     udp      anywhere             anywhere             udp dpt:41641
root@AS5202Taphil:/volume1/.@root # ip6tables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ts-postrouting  all      anywhere             anywhere

Chain ts-postrouting (1 references)
target     prot opt source               destination
MASQUERADE  all      anywhere             anywhere             mark match 0x40000/0xff0000

I can package it separately if Asustor don't send you a positive (so more complete) response ... but I am at 600 kms of my lab ... so with some delay to do it ...

Philippe.

[snapshot]

ADM 5 is due later this year to go with the new NASs with AMD CPUs. It'll be interesting to see if an ipv6 firewall is one of the improvements.