[ipv6hackers] Windows(7)-Firewall and EHs

Marksteiner, Stefan stefan.marksteiner at joanneum.at
Tue Jul 16 18:02:18 CEST 2013


Hi Folks,

The Windows firewall in WIN7 offers the opportunity to build rules for four (all except the two IPsec headers) of the original IPv6 extension headers in its advanced firewall rules - the thing is that those rules don't seem to have any effect. I tried out blocking rules for every "supported" EH and tested each rule using Scapy. No matter whether I entered the rule via the GUI (predefined or with manual input of the protocol number) or via netsh, the result was always the same as if no rule were set at all.
I mean, when I'm defining EH-blocking rules via a foolproof GUI, I expect the firewall to actually block EHs...
Blocking ICMPv6 or blocking traffic from a certain IPv6 address seems to work well though, and as blocking rules have precedence over allowing rules I can't quite imagine what I could have done wrong.
Has anybody had similar (or adverse) experience?


Cheers,

Stefan
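
Added example, not part of the original post: a receiver-side check in plain Python that walks the Next Header chain of a captured IPv6 packet and lists the extension headers it carries, so a test like the one described above can confirm whether a packet that reached the host really contained the header a blocking rule names. The function names and the sample packet bytes are constructed for illustration.

```python
import struct

# Extension header protocol numbers from the original IPv6 specification.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
               60: "Destination Options", 51: "AH (IPsec)", 50: "ESP (IPsec)"}

def walk_extension_headers(packet: bytes):
    """Return (list of extension header numbers, upper-layer protocol or None)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_HEADERS:
        chain.append(next_header)
        if next_header == 50:
            return chain, None             # ESP payload is encrypted; stop here
        if len(packet) < offset + 8:
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == 44:
            size = 8                       # Fragment header has a fixed size
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                return chain, following    # non-first fragment: no header follows
        elif next_header == 51:
            size = (length_field + 2) * 4  # AH counts 32-bit words minus 2
        else:
            size = (length_field + 1) * 8  # 8-octet units beyond the first 8
        if len(packet) < offset + size:
            raise ValueError("truncated extension header")
        offset += size
        next_header = following
    return chain, next_header

def build_packet(first_next_header: int, payload: bytes) -> bytes:
    """Constructed test input: fixed IPv6 header (documentation addresses) + payload."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    header = struct.pack("!IHBB", 0x60000000, len(payload), first_next_header, 64)
    return header + src + dst + payload

# Constructed sample: Destination Options (PadN only) followed by an ICMPv6
# echo request whose checksum is left at zero.
DEST_OPTS = bytes([58, 0, 1, 4, 0, 0, 0, 0])
ECHO_REQUEST = bytes([128, 0, 0, 0, 0, 1, 0, 1])
SAMPLE = build_packet(60, DEST_OPTS + ECHO_REQUEST)

if __name__ == "__main__":
    chain, upper = walk_extension_headers(SAMPLE)
    print([EXT_HEADERS[h] for h in chain], "-> upper-layer protocol", upper)
```

Feeding it the raw IPv6 bytes of packets captured on the protected host shows which extension headers arrived despite a blocking rule.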


