How to configure something like "Reflexive ACL" on OpenBSD?
Posted
by
Earlz
on Server Fault
See other posts from Server Fault
or by Earlz
Published on 2012-03-29T07:27:58Z
Indexed on
2012/03/29
17:33 UTC
Read the original article
Hit count: 222
My U-Verse modem has something called "Reflexive ACL" described as
Reflexive ACL: When IPv6 is enabled, you can enable Reflexive Access Control Lists to deny inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules).
This seems like a pretty good way to keep from having to maintain a firewall on each computer behind my router that gets handed an IPv6 address. It sounds about like a NAT, which for my small home network is all I want right now.
Now my modem sucks as a router though, so I'm in the process of configuring an OpenBSD router to do that. I've got IPv6 supported and all that and my OpenBSD router will hand out IPv6 addresses by rtadvd. Now I want to keep people from having instant access to my local network through IPv6.
How would I best do something like Reflexive ACL with pf in OpenBSD 5.0?
© Server Fault or respective owner