Fortinet black logo

CLI Reference

config firewall ipv6-eh-filter

config firewall ipv6-eh-filter

Configure IPv6 extension header filter.

config firewall ipv6-eh-filter

Description: Configure IPv6 extension header filter.

set hop-opt [enable|disable]

set dest-opt [enable|disable]

set hdopt-type {integer}

set routing [enable|disable]

set routing-type {integer}

set fragment [enable|disable]

set auth [enable|disable]

set no-next [enable|disable]

end

config firewall ipv6-eh-filter

Parameter

Description

Type

Size

Default

hop-opt

Enable/disable blocking packets with the Hop-by-Hop Options header .

option

-

disable

Option

Description

enable

Enable blocking packets with the Hop-by-Hop Options header.

disable

Disable blocking packets with the Hop-by-Hop Options header.

dest-opt

Enable/disable blocking packets with Destination Options headers .

option

-

disable

Option

Description

enable

Enable blocking packets with Destination Options headers.

disable

Disable blocking packets with Destination Options headers.

hdopt-type

Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255).

integer

Minimum value: 0 Maximum value: 255

routing

Enable/disable blocking packets with Routing headers .

option

-

enable

Option

Description

enable

Block packets with Routing headers.

disable

Allow packets with Routing headers.

routing-type

Block specific Routing header types .

integer

Minimum value: 0 Maximum value: 255

0

fragment

Enable/disable blocking packets with the Fragment header .

option

-

disable

Option

Description

enable

Block packets with the Fragment header.

disable

Allow packets with the Fragment header.

auth

Enable/disable blocking packets with the Authentication header .

option

-

disable

Option

Description

enable

Block packets with the Authentication header.

disable

Allow packets with the Authentication header.

no-next

Enable/disable blocking packets with the No Next header .

option

-

disable

Option

Description

enable

Block packets with the No Next header.

disable

Allow packets with the No Next header.

config firewall ipv6-eh-filter

Configure IPv6 extension header filter.

config firewall ipv6-eh-filter

Description: Configure IPv6 extension header filter.

set hop-opt [enable|disable]

set dest-opt [enable|disable]

set hdopt-type {integer}

set routing [enable|disable]

set routing-type {integer}

set fragment [enable|disable]

set auth [enable|disable]

set no-next [enable|disable]

end

config firewall ipv6-eh-filter

Parameter

Description

Type

Size

Default

hop-opt

Enable/disable blocking packets with the Hop-by-Hop Options header .

option

-

disable

Option

Description

enable

Enable blocking packets with the Hop-by-Hop Options header.

disable

Disable blocking packets with the Hop-by-Hop Options header.

dest-opt

Enable/disable blocking packets with Destination Options headers .

option

-

disable

Option

Description

enable

Enable blocking packets with Destination Options headers.

disable

Disable blocking packets with Destination Options headers.

hdopt-type

Block specific Hop-by-Hop and/or Destination Option types (max. 7 types, each between 0 and 255).

integer

Minimum value: 0 Maximum value: 255

routing

Enable/disable blocking packets with Routing headers .

option

-

enable

Option

Description

enable

Block packets with Routing headers.

disable

Allow packets with Routing headers.

routing-type

Block specific Routing header types .

integer

Minimum value: 0 Maximum value: 255

0

fragment

Enable/disable blocking packets with the Fragment header .

option

-

disable

Option

Description

enable

Block packets with the Fragment header.

disable

Allow packets with the Fragment header.

auth

Enable/disable blocking packets with the Authentication header .

option

-

disable

Option

Description

enable

Block packets with the Authentication header.

disable

Allow packets with the Authentication header.

no-next

Enable/disable blocking packets with the No Next header .

option

-

disable

Option

Description

enable

Block packets with the No Next header.

disable

Allow packets with the No Next header.