Kitz ADSL Broadband Information
Topic: Stupid question about tunnels and firewalls


Stupid question about tunnels and firewalls
« on: December 09, 2018, 11:13:25 PM »

Say I have some kind of tunnel - a VPN of some sort, or as in my current case, a 6in4 proto 41 static tunnel. When packets come in to my Firebrick router from the 6in4 tunnel, are these firewalled at all?

Because if not then we have a security hole.

If they are firewalled, how does it know where to get the firewall rules from for this traffic?

Ideally it ought to discard the IPv4 proto 41 header and then apply firewall rules only to the IPv6 packet within, no?

And what about being intelligent and realising that the tunnel output came in through interface x, so what about applying all the rules for source-interface=x?

I realise that I don’t understand how this works in general. Is it just a case of a serious pandemic of common sense, of doing the right thing™?
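
The model the post describes (strip the IPv4 proto 41 header, then match rules against the inner IPv6 packet with the tunnel as the source interface) can be sketched as follows. This is an added example, not part of the original post and not a description of how the Firebrick behaves; the interface name `tunnel0`, the rule format and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

PROTO_6IN4 = 41  # IPv4 protocol number carrying encapsulated IPv6

def decapsulate_6in4(pkt):
    """Strip the outer IPv4 header; return the inner IPv6 packet or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # outer header length, options included
    if ihl < 20 or pkt[9] != PROTO_6IN4 or len(pkt) < ihl + 40:
        return None
    inner = pkt[ihl:]
    return inner if inner[0] >> 4 == 6 else None

def filter_tunnel_packet(pkt, in_if, rules):
    """Match rules on the inner IPv6 header, with the tunnel as source interface."""
    inner = decapsulate_6in4(pkt)
    if inner is None:
        return "drop"
    next_header = inner[6]
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    for r in rules:
        if (r["in_if"] == in_if and src in r["src"] and dst in r["dst"]
                and r["next_header"] in (None, next_header)):
            return r["action"]
    return "drop"  # default deny for anything arriving from the tunnel

def build_6in4(src6, dst6, next_header):
    """Constructed sample packet: outer IPv4 header plus a bare IPv6 header."""
    v6 = struct.pack("!IHBB", 6 << 28, 0, next_header, 64)
    v6 += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6), 0, 0, 64,
                     PROTO_6IN4, 0,  # checksum left 0; not verified here
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address("198.51.100.1").packed)
    return v4 + v6

# Constructed rule set: only ICMPv6 (next header 58) to one LAN prefix is allowed.
RULES = [{"in_if": "tunnel0", "src": ipaddress.ip_network("::/0"),
          "dst": ipaddress.ip_network("2001:db8:2::/64"),
          "next_header": 58, "action": "allow"}]

if __name__ == "__main__":
    for nh in (58, 6):
        pkt = build_6in4("2001:db8:1::1", "2001:db8:2::2", nh)
        print(nh, filter_tunnel_packet(pkt, "tunnel0", RULES))
```

The rules never see the outer IPv4 addresses; whether the tunnel endpoint itself is allowed to send proto 41 to the router is a separate IPv4 rule evaluated before decapsulation.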