Fortinet Document Library

CLI Reference

Version: 6.2.1

Configure IPv6 extension header filter.

  config firewall ipv6-eh-filter
      Description: Configure IPv6 extension header filter.
      set hop-opt [enable|disable]
      set dest-opt [enable|disable]
      set hdopt-type {integer}
      set routing [enable|disable]
      set routing-type {integer}
      set fragment [enable|disable]
      set auth [enable|disable]
      set no-next [enable|disable]
  end

config firewall ipv6-eh-filter

| Parameter Name | Description | Type | Size |
|---|---|---|---|
| hop-opt | Enable/disable blocking packets with the Hop-by-Hop Options header (default = disable). enable: Enable blocking packets with the Hop-by-Hop Options header. disable: Disable blocking packets with the Hop-by-Hop Options header. | option | - |
| dest-opt | Enable/disable blocking packets with Destination Options headers (default = disable). enable: Enable blocking packets with Destination Options headers. disable: Disable blocking packets with Destination Options headers. | option | - |
| hdopt-type | Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255, default = 0). | integer | Minimum value: 0 Maximum value: 255 |
| routing | Enable/disable blocking packets with Routing headers (default = enable). enable: Block packets with Routing headers. disable: Allow packets with Routing headers. | option | - |
| routing-type | Block specific Routing header types (max. 7 types, each between 0 and 255, default = 0). | integer | Minimum value: 0 Maximum value: 255 |
| fragment | Enable/disable blocking packets with the Fragment header (default = disable). enable: Block packets with the Fragment header. disable: Allow packets with the Fragment header. | option | - |
| auth | Enable/disable blocking packets with the Authentication header (default = disable). enable: Block packets with the Authentication header. disable: Allow packets with the Authentication header. | option | - |
| no-next | Enable/disable blocking packets with the No Next header (default = disable). enable: Block packets with the No Next header. disable: Allow packets with the No Next header. | option | - |
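
When reviewing which of these settings a given flow depends on before enabling them, it helps to see what a captured packet actually carries. The following is an added example, not Fortinet code: it walks an IPv6 extension header chain as laid out in RFC 8200 and names the settings from the table above that each header corresponds to. It does not model how FortiOS evaluates the filter; the function names and the sample packet are constructed for illustration.

```python
# IANA protocol numbers of the headers this filter names, mapped to the page's toggles.
TOGGLE = {0: "hop-opt", 60: "dest-opt", 43: "routing",
          44: "fragment", 51: "auth", 59: "no-next"}

def option_types(hdr):
    """Option Type of each TLV in a Hop-by-Hop or Destination Options header."""
    i, types = 2, []               # options start after Next Header and Hdr Ext Len
    while i < len(hdr):
        types.append(hdr[i])
        if hdr[i] == 0:            # Pad1 is a single byte with no length field
            i += 1
        elif i + 1 < len(hdr):
            i += 2 + hdr[i + 1]
        else:
            raise ValueError("truncated option")
    return types

def relevant_settings(packet):
    """List the ipv6-eh-filter settings that the packet's header chain touches."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    found, nh, off = [], packet[6], 40
    while nh in TOGGLE:
        found.append(TOGGLE[nh])
        if nh == 59:               # No Next Header: nothing follows
            break
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nh == 44:
            size = 8                            # Fragment header is fixed size
        elif nh == 51:
            size = (packet[off + 1] + 2) * 4    # AH length counts 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8    # others count 8-octet units
        hdr = packet[off:off + size]
        if len(hdr) < size:
            raise ValueError("truncated extension header")
        if nh in (0, 60):
            found += [f"hdopt-type {t}" for t in option_types(hdr)]
        elif nh == 43:
            found.append(f"routing-type {hdr[2]}")
        nh, off = hdr[0], off + size
    return found

# Constructed sample: Hop-by-Hop (Router Alert, PadN) -> Routing type 0 -> No Next Header.
SAMPLE = (bytes([0x60, 0, 0, 0, 0, 16, 0, 64]) + bytes(32)
          + bytes([43, 0, 5, 2, 0, 0, 1, 0])
          + bytes([59, 0, 0, 0, 0, 0, 0, 0]))

if __name__ == "__main__":
    print(relevant_settings(SAMPLE))
```

Run over a capture of known-good traffic, the output shows which headers legitimate flows rely on (for example Fragment headers, or Authentication headers where IPsec AH is in use) before the corresponding setting is switched to enable.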
