IPv6 firewall on Fios router is allowing inbound connections
luca2
Newbie

So IPv6 rolled out to my house recently.  I checked a few devices on my LAN and one of my printers picked up a v6 address.  I then was able to access the printers webpage from a computer outside my LAN via the public IPv6 address.  The firewall on my Fios router for v6 is set "Normal Security" which should be blocking all inbound connections but it seems like it is allowing everything to pass through.

Anyone else noticed this?

0 Likes
Reply
5 Replies
kh-gary
Moderator Emeritus

In order to keep discussion on the community current, this topic has been locked to prevent new replies. If you have a similar question or issue that you wish to discuss, then please feel free to post a new message on the most relevant board. Thanks!

Reply
miked_nova
Newbie

I can confirm this behavior on an Actiontec MI424WR-GEN3I.  I am able to nmap internal hosts from the internet & watch the scan via wireshark on the internal host.  The IPv6 firewall is enabled and set to medium security level which claims to block inbound connections.  And while IPv6 doesn't use NAT, a stateful firewall is still capable of blocking unsolicited inbound connections from the outside.  This is deeply and dangerously broken. 

0 Likes
Reply
Dr_Pepper
Enthusiast - Level 1

What Brand/Model printer are you working with? also have you checked if any ipv6 pinhole rules have been created by your printer. You can check this by logging into the web UI under Advance -> Security & Firewall -> Ipv6 Pinhole.

Cang_Household
Community Leader
Community Leader

The core benefit/deficit of IPv6 is that every device at home can now have the luxury to receive an unique publicly routable address. This avoids the use of an NAT, or a poorman's firewall where all inbound connections are dropped when port forwarding is not enabled.

I am not sure whether Fios router is designed to drop all inbound connections by default. I haven't gotten IPv6 yet. I will give more advice when I have tested out the behavior myself.

Btw, which Fios router are you referring to? Fios Router technically means G3100. If you have a G1100, or a CR1000A, they are not called Fios Router.

luca2
Newbie

I have the G3100.  The default firewall settings for IPv6 (and IPv4) are to block all inbound.  This is really bad that the router says it is set to block but its just allowing everything through

0 Likes
Reply