Fortinet black logo

CLI Reference

config firewall ipv6-eh-filter

config firewall ipv6-eh-filter

Configure IPv6 extension header filter.

config firewall ipv6-eh-filter
    Description: Configure IPv6 extension header filter.
    set auth [enable|disable]
    set dest-opt [enable|disable]
    set fragment [enable|disable]
    set hdopt-type {integer}
    set hop-opt [enable|disable]
    set no-next [enable|disable]
    set routing [enable|disable]
    set routing-type {integer}
end

config firewall ipv6-eh-filter

Parameter

Description

Type

Size

auth

Enable/disable blocking packets with the Authentication header.

option

-

Option

Description

enable

Block packets with the Authentication header.

disable

Allow packets with the Authentication header.

dest-opt

Enable/disable blocking packets with Destination Options headers.

option

-

Option

Description

enable

Enable blocking packets with Destination Options headers.

disable

Disable blocking packets with Destination Options headers.

fragment

Enable/disable blocking packets with the Fragment header.

option

-

Option

Description

enable

Block packets with the Fragment header.

disable

Allow packets with the Fragment header.

hdopt-type

Block specific Hop-by-Hop and/or Destination Option types.

integer

Minimum value: 0 Maximum value: 255

hop-opt

Enable/disable blocking packets with the Hop-by-Hop Options header.

option

-

Option

Description

enable

Enable blocking packets with the Hop-by-Hop Options header.

disable

Disable blocking packets with the Hop-by-Hop Options header.

no-next

Enable/disable blocking packets with the No Next header

option

-

Option

Description

enable

Block packets with the No Next header.

disable

Allow packets with the No Next header.

routing

Enable/disable blocking packets with Routing headers.

option

-

Option

Description

enable

Block packets with Routing headers.

disable

Allow packets with Routing headers.

routing-type

Block specific Routing header types.

integer

Minimum value: 0 Maximum value: 255

config firewall ipv6-eh-filter

Configure IPv6 extension header filter.

config firewall ipv6-eh-filter
    Description: Configure IPv6 extension header filter.
    set auth [enable|disable]
    set dest-opt [enable|disable]
    set fragment [enable|disable]
    set hdopt-type {integer}
    set hop-opt [enable|disable]
    set no-next [enable|disable]
    set routing [enable|disable]
    set routing-type {integer}
end

config firewall ipv6-eh-filter

Parameter

Description

Type

Size

auth

Enable/disable blocking packets with the Authentication header.

option

-

Option

Description

enable

Block packets with the Authentication header.

disable

Allow packets with the Authentication header.

dest-opt

Enable/disable blocking packets with Destination Options headers.

option

-

Option

Description

enable

Enable blocking packets with Destination Options headers.

disable

Disable blocking packets with Destination Options headers.

fragment

Enable/disable blocking packets with the Fragment header.

option

-

Option

Description

enable

Block packets with the Fragment header.

disable

Allow packets with the Fragment header.

hdopt-type

Block specific Hop-by-Hop and/or Destination Option types.

integer

Minimum value: 0 Maximum value: 255

hop-opt

Enable/disable blocking packets with the Hop-by-Hop Options header.

option

-

Option

Description

enable

Enable blocking packets with the Hop-by-Hop Options header.

disable

Disable blocking packets with the Hop-by-Hop Options header.

no-next

Enable/disable blocking packets with the No Next header

option

-

Option

Description

enable

Block packets with the No Next header.

disable

Allow packets with the No Next header.

routing

Enable/disable blocking packets with Routing headers.

option

-

Option

Description

enable

Block packets with Routing headers.

disable

Allow packets with Routing headers.

routing-type

Block specific Routing header types.

integer

Minimum value: 0 Maximum value: 255