Address Restrictions don't seem to block IPv6 sites

Post new topic   Reply to topic    DD-WRT Forum Index -> ARM or PPC based Hardware
View previous topic :: View next topic  
Author Message
chris_oakes
DD-WRT Novice


Joined: 11 Mar 2015
Posts: 4
PostPosted: Sat Sep 12, 2015 16:50    Post subject: Address Restrictions don't seem to block IPv6 sites Reply with quote
I have setup access restrictions to keep certain devices off the internet at night and everything works great as long as IPv6 is disabled. When I enable IPv6 and browse to an IPv6 device on one of the blocked devices I can still access the page without any restriction. Has anyone else run into this or am I not doing something right?

I am currently running:
Router Model: Asus RT-AC56U
Firmware Version: DD-WRT v3.0-r27805 std (09/11/15)
Kernel Version: Linux 3.10.87 #4602 SMP Thu Sep 10 06:28:14 CEST 2015 armv7l
Back to top View user's profile Send private message
Sponsor
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6865
Location: Romerike, Norway
PostPosted: Sat Oct 03, 2015 22:56    Post subject: Reply with quote
Ipv4 and ipv6 uses different iptables. If you block the ipv4 address, the ipv6 address of the same machine will not be blocked.
Back to top View user's profile Send private message
simonykma
DD-WRT Novice


Joined: 09 May 2016
Posts: 5
PostPosted: Tue Sep 27, 2016 17:03    Post subject: Reply with quote
Is there any tutorial that can guide me towards the configuration ?

Thanks
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6865
Location: Romerike, Norway
PostPosted: Sat Dec 24, 2016 18:18    Post subject: Reply with quote
Try ip6tables -h
Back to top View user's profile Send private message
rudism
DD-WRT Novice


Joined: 04 Feb 2017
Posts: 2
PostPosted: Sat Feb 04, 2017 4:43    Post subject: Reply with quote
I have the same issue, on a Linksys Archer C7 v2 running v3.0-r30949 std (12/15/16). Access restrictions set to block all access are only blocking ipv4 traffic. I can still connect to, for example, google and youtube because they resolve to ipv6 addresses.

Does anyone know if there is a way to enable ipv6 on the router but disable it per device (based on MAC address or something)?
Back to top View user's profile Send private message
rudism
DD-WRT Novice


Joined: 04 Feb 2017
Posts: 2
PostPosted: Sat Feb 04, 2017 15:36    Post subject: Reply with quote
I managed to answer my own question. By running this ip6tables command for each MAC address (and saving them to my firewall script in Administration->Commands) I'm able to disable ipv6 traffic to the devices I want to apply access restrictions to:

Code:
ip6tables -I INPUT -m mac --mac-source MAC:ADDRESS:HERE -j DROP


Visiting a site like ipv6-test.com from those devices show that only ipv4 traffic is working, which means access restrictions work as expected again.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> ARM or PPC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum