No ipv6 support / not working?

[TheDelta]

So when I set in the conf.apf
USE_IPV6="1"

it only does the following:

$IP6T -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
$IP6T -A OUTPUT -o lo -s 0/0 -d 0/0 -j ACCEPT

thats it.

Am I missing something or shouldn't it also do a lot more. Any ports, etc are still open and accessible.

[chaos234]

I can proof that IPv6 support isn't working on my side, which can be seen here: https://puu.sh/AaeFn.png

[ovizii]

This sounded interesting so I googled and found this config which lists the USE_IPV6 option: https://github.com/rfxn/advanced-policy-firewall/blob/master/files/conf.apf but that conf file states it is for APF 1.7.5

I am running the apf version installed via Debian apt-get install and the conf file says: APF 9.7 [apf@r-fx.org] and contains no entry for USE_IPV6 at all

Now I am wondering how these two versions are related and whether I should manually install apf-firewall to get the latest version.

[ovizii]

and on top of that, the README says that USE_IPV6 was added back in 2014 => https://www.rfxn.com/appdocs/CHANGELOG.apf

• 1.7.5 | Feb 4th 2014:
  [New] added USE_IPV6 configuration option for enabling/disabling IPv6 support/rule creation

so what ancient version am I running?

[tankerkiller125]

@ovizii The packages Debian (And Ubuntu) provide are very out of date, I recommend pulling this git repo and then using the install.sh script to install the most recent version with proper IPv6 support.

[xero9]

So I'm having a similar issue, running the latest version, but when I put an IPv6 address in allow.apf, APF treats it like I'm opening up a port according to /var/log/apf_log.

I've tried xxxx:xxxx:xxxx:xxxx::xxxx as well as [xxxx:xxxx:xxxx:xxxx::xxxx] for the format, but no such luck.

[jasonwee]

can you try this?

• Support ipv6 jasonwee/advanced-policy-firewall#3
• Support ipv6 for global allow and global deny jasonwee/advanced-policy-firewall#4