The network object describes an IPv6 network or subnet. This object is very similar to the IPv4 network object, except that you can only enter the netmask as a bit length. Use the main menu item "Net Object / New Network IPv6" to create objects of this type.
Let's see what we get if we use an IPv6 network object in a policy rule as shown:
Here is the command generated for iptables:
$IP6TABLES -A FORWARD -p tcp -m tcp  -s 2001:470:1f0e:162::/64  --dport 80  \
-m state --state NEW  -j ACCEPT 
      
Here is what we get for PF:
pass in   quick inet6 proto tcp  from 2001:470:1f0e:162::/64  to any port 80 keep state
pass out  quick inet6 proto tcp  from 2001:470:1f0e:162::/64  to any port 80 keep state
      
Here is the output for Cisco IOS access lists (only one ACL is shown):
ipv6 access-list ipv6_outside_out
  permit tcp 2001:470:1f0e:162::/64 any  eq 80 
exit
interface eth0
  ipv6 traffic-filter ipv6_outside_out out
exit
      
There is no IPv6 support for Cisco ASA (PIX) in Firewall Builder at this time.
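The following is an added example, not Firewall Builder's own code: a Python sketch that validates an IPv6 network given with a bit-length netmask and renders the source match in the three rule forms shown above. The function names (parse_network_object, render_rules, rule_covers) are hypothetical, and the rule text simply mirrors the generated output on this page.

```python
import ipaddress

def parse_network_object(text):
    """Parse 'address/bits'; the netmask must be a bit length (0-128)."""
    addr, sep, bits = text.partition("/")
    if not sep or not (bits.isascii() and bits.isdigit()):
        raise ValueError(f"{text!r}: netmask must be a bit length such as /64")
    # strict=True rejects an address with host bits set (e.g. ::1/64), so a
    # host address is never silently widened into a rule for the whole subnet.
    return ipaddress.IPv6Network((addr, int(bits)), strict=True)

def render_rules(net, port=80):
    """Render the rule forms shown on this page for one TCP service."""
    src = net.with_prefixlen
    return {
        "iptables": f"$IP6TABLES -A FORWARD -p tcp -m tcp -s {src} "
                    f"--dport {port} -m state --state NEW -j ACCEPT",
        "pf": [f"pass {d} quick inet6 proto tcp from {src} to any port {port} "
               "keep state" for d in ("in", "out")],
        "ios": f"permit tcp {src} any eq {port}",
    }

def rule_covers(net, source):
    """True if a packet from `source` falls inside the rule's source network."""
    return ipaddress.IPv6Address(source) in net

if __name__ == "__main__":
    net = parse_network_object("2001:470:1f0e:162::/64")
    for platform, rule in render_rules(net).items():
        print(platform, rule, sep=": ")
    # Constructed sample sources: one inside the /64, one in the next subnet.
    for src in ("2001:470:1f0e:162::10", "2001:470:1f0e:163::10"):
        print(src, "matches" if rule_covers(net, src) else "does not match")
    # Constructed bad inputs: host bits set, and a netmask not given as bits.
    for bad in ("2001:470:1f0e:162::1/64",
                "2001:470:1f0e:162::/ffff:ffff:ffff:ffff::"):
        try:
            parse_network_object(bad)
        except ValueError as exc:
            print("rejected:", exc)
```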
Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.