Firewall isn't dropping on all ports as configured for IPv6

edited September 2017 in Help
I'm using the firewall group feature to filter connections. I have it configured to accept connections on ports 22, 80, and 443 but drop all others. This works as expected on IPv4, but on IPv6, the firewall is accepting connections to ports 25, 135, 139 and 445. I do not have any services on these ports so they show up as closed, but they should be dropped altogether and they are not.

To demonstrate, running nmap -4 reports the following:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https

but running nmap -6 reports:
PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp
80/tcp open http
135/tcp closed msrpc
139/tcp closed netbios-ssn
443/tcp open https
445/tcp closed microsoft-ds

which is not expected since both IPv4 and IPv6 are configured to drop 0 - 65535 on 0.0.0.0/0 and ::/0.

Comments

  • So you have entries in the IPv6 firewall that only allow a few select ports?

    Are you trying nmap from inside your server, or from an external server? From my tests, the Vultr firewall is external to your server instance and only blocks outside connections.
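
Added example, not part of the original thread: a small Python check that parses the two nmap port tables quoted in the post and lists, per address family, the ports outside the allow-list that still answered the probe. The function names and the embedded sample text are assumptions made for this illustration.

```python
import re

# Constructed sample input: the two port tables quoted in the post.
NMAP_V4 = """PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
"""
NMAP_V6 = """PORT STATE SERVICE
22/tcp open ssh
25/tcp closed smtp
80/tcp open http
135/tcp closed msrpc
139/tcp closed netbios-ssn
443/tcp open https
445/tcp closed microsoft-ds
"""
ALLOWED = {22, 80, 443}  # ports the firewall group is meant to accept

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+\S+")

def parse_ports(text):
    """Return {port: state} for every row of an nmap port table."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ports[int(m.group(1))] = m.group(3)
    return ports

def answered_outside_allowlist(text, allowed):
    """Ports not in `allowed` that nmap reports as open or closed.

    Both states mean a reply (SYN/ACK or RST) came back, so the probe was
    not silently dropped; a drop rule would show the port as 'filtered'.
    The scan alone does not say whether the reply came from the instance
    or from another device on the path.
    """
    return sorted(p for p, state in parse_ports(text).items()
                  if p not in allowed and state in ("open", "closed"))

def family_diff(v4_text, v6_text, allowed):
    """Compare both address families against the same allow-list."""
    return {"ipv4": answered_outside_allowlist(v4_text, allowed),
            "ipv6": answered_outside_allowlist(v6_text, allowed)}

if __name__ == "__main__":
    print(family_diff(NMAP_V4, NMAP_V6, ALLOWED))
```

Running the same comparison on scans taken from an external host and from inside the instance separates what the external firewall filters from what the host itself answers.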