FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 15 - IPv6 > IPv6 Configuration > Blocking IPv6 packets by extension headers

Blocking IPv6 packets by extension headers

FortiOS can now block IPv6 packets based on the extension headers, using the CLI syntax:

config firewall ipv6-eh-filter.

 

The following commands are now available:

  • set hop-opt {disable | enable}: Block packets with Hop-by-Hop Options header.
  • set dest-opt {disable | enable}: Block packets with Destination Options header.
  • set hdopt-type <integer>: Block specific Hop-by-Hop and/or Destination Option types (maximum 7 types, each between 0 and 255).
  • set routing {disable | enable}: Block packets with Routing header.
  • set routing-type <integar>: Block specific Routing header types (maximum 7 types, each between 0 and 255).
  • set fragment {disable | enable}: Block packets with Fragment header.
  • set auth {disable | enable}: Block packets with Authentication header.
  • set no-next {disable | enable}: Block packets with No Next header.
 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy