Blog | G5 Cyber Security

Block IPv6 on IPv4 Router

G5 Cyber Security

TL;DR

If your router only supports IPv4 and you’re getting unwanted IPv6 traffic, this guide shows how to block it using your firewall. This prevents potential issues with connectivity or security.

Blocking IPv6 Packets

  1. Understand the Problem: Your router is designed for IPv4 but still receiving IPv6 packets. These can sometimes cause routing problems or expose you to unnecessary risks if not handled correctly.
  2. Identify your Firewall: Most home routers have a built-in firewall accessible through their web interface. Common brands include TP-Link, Netgear, ASUS, and BT. You’ll need the router’s IP address (usually 192.168.1.1 or 192.168.0.1) and login details.
  3. Access your Router’s Interface: Open a web browser and enter your router’s IP address in the address bar. Log in using your username and password.
  4. Locate Firewall Settings: The location of firewall settings varies between routers. Look for sections like:
    • Firewall
    • Security
    • Advanced Settings
    • WAN/Internet Settings
  5. Create a Firewall Rule: You’ll need to create a rule that blocks all incoming IPv6 traffic. The exact steps depend on your router’s interface, but here are common approaches:
    • Option 1: Block All Incoming IPv6: Some routers have a simple option to block all IPv6 traffic. Enable this if available.
    • Option 2: Create a Custom Rule: If there’s no direct IPv6 blocking option, you’ll need to create a custom rule. The key settings are:
      • Protocol: Select ‘IPv6’.
      • Direction: Choose ‘Incoming’ or ‘WAN-to-LAN’.
      • Source IP Address: Set this to ‘Any’ (or ‘::/0’ which represents all IPv6 addresses).
      • Destination IP Address: Set this to your router’s LAN IP address range (e.g., 192.168.1.0/24 if your network uses that range).
      • Action: Select ‘Block’ or ‘Deny’.
  6. Example Rule (Conceptual): The following is a general example; the interface will differ. 
    iptables -A INPUT -p ipv6 all --src ::/0 --dst 192.168.1.0/24 -j DROP
  7. Save and Apply Changes: After creating the rule, save your changes in the router’s interface. The router may need to restart for the changes to take effect.
  8. Test the Block: Use an online IPv6 test tool (e.g., test-ipv6.com) to confirm that your network is no longer reachable via IPv6. You should see a message indicating that IPv6 connectivity is not detected.

Important Note: Blocking IPv6 won’t affect your IPv4 connectivity. If you have any issues, consult your router’s documentation or contact its support team.

Exit mobile version