Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: Weaver on December 09, 2018, 11:13:25 PM

Title: Stupid question about tunnels and firewalls
Post by: Weaver on December 09, 2018, 11:13:25 PM
Say I have some kind of tunnel - a VPN of some sort or, as in my current case, a 6in4 proto 41 static tunnel. When packets come in to my FireBrick router from the 6in4 tunnel, are these firewalled at all?

Because if not then we have a security hole.

If they are firewalled, how does it know where to get the firewall rules from for this traffic?

Ideally it ought to discard the IPv4 proto 41 header and then apply firewall rules only to the IPv6 packet within, no?

And what about being intelligent and realising that the tunnel output came in through interface x, so what about applying all the rules for source-interface=x?

I realise that I don’t understand how this works in general. Is it just a case of a serious pandemic of common sense, of doing the right thing™?
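
The check proposed in the post above (strip the outer IPv4 proto 41 header, then filter the inner IPv6 packet with the tunnel as the source interface), as an added Python example that is not part of the original post and does not describe how the FireBrick actually behaves. The interface name `tun6in4`, the rule format and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IP protocol number used by 6in4

def decapsulate_6in4(packet: bytes) -> bytes:
    """Strip the outer IPv4 header and return the inner IPv6 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # outer header length, options included
    if ihl < 20 or len(packet) < ihl + 40:
        raise ValueError("truncated packet")
    if packet[9] != PROTO_IPV6_IN_IPV4:
        raise ValueError("outer protocol is not 41")
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        raise ValueError("payload is not IPv6")
    return inner

def filter_inner(packet: bytes, in_iface: str, rules: list) -> str:
    """First-match filter on the inner IPv6 header; default is drop."""
    inner = decapsulate_6in4(packet)
    next_header = inner[6]
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    for rule in rules:
        if (rule["iface"] == in_iface
                and src in rule["src"] and dst in rule["dst"]
                and rule["next_header"] in (None, next_header)):
            return rule["action"]
    return "drop"

def build_6in4(src6: str, dst6: str, next_header: int) -> bytes:
    """Constructed sample: minimal outer IPv4 header plus a bare IPv6 header."""
    ipv6 = struct.pack("!IHBB", 6 << 28, 0, next_header, 64)
    ipv6 += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                       PROTO_IPV6_IN_IPV4, 0,  # checksum left 0: not validated here
                       ipaddress.IPv4Address("192.0.2.1").packed,
                       ipaddress.IPv4Address("198.51.100.2").packed)
    return ipv4 + ipv6

# Hypothetical rule set: allow only ICMPv6 (58) from the tunnel to one LAN prefix.
RULES = [{"iface": "tun6in4", "src": ipaddress.ip_network("::/0"),
          "dst": ipaddress.ip_network("2001:db8:1::/64"),
          "next_header": 58, "action": "allow"}]
```

The rules never look at the outer IPv4 addresses; whether the tunnel endpoint itself is trusted is a separate filter on the proto 41 packet before decapsulation.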