Does V 5.10 filter IPv6 with full effect?

clockwork · January 4, 2013, 2:39pm

If i stay with the 5.10 firewall and defense+, will i have a fully functionable firewall for IPv6 too?
I ticked the “filter IPv6 traffic” box.

I realized that i dont need any of the new functions of V6, but i will lose features that i am used to if i move to the new version.

This is the last question regarding to this decision.

digit01 · January 4, 2013, 5:52pm

Why not v5.12 , i got the the setup file , i guess

Radaghast · January 4, 2013, 9:51pm

There are problems with the way 5.x filters IPv6 - ICMPv6 from NDP are assigned to random running processes causing asking pop-ups - I’ve not had a chance to look this in version 6 yet but it still doesn’t handle ICMPv6 filtering correctly.

clockwork · January 5, 2013, 1:04am

I am not sure that i understand the problem.

If i am blocking IP in any, will i get these pop ups?
Is it another workaround to block and remember each question window?
As long as i am working on a long term config, i dont care to answer several questions.

An “automatized” add to this workaround could be a bottom firewall rule: Block any process any.
This rule must be changed for making “new rules by question windows” (if not made manually).
Well, comodo will be even more similar to my old firewall then

Is the problem solved with these ideas?

Radaghast · January 5, 2013, 1:22am

There are several different problems, at least there were. IPv6 inbound connections are not filtered correctly, if at all. Outbound ICMPv6 requests, of various types, are generated for virtually all applications unnecessarily. however, as I suggested in the thread I linked to, these can be catered for in a generic rule for the ‘all applications’ group.

In all honesty, if you don’t have a specific requirement for IPv6, either disable it (I don’t personally recommend this) don’t filter, or use Windows 7/8 firewall.

clockwork · January 5, 2013, 1:44am

Its not enabled. Just want to know how far i can go rather safe with that version.

Dont try to filter - better disable the protocoll?
But then i dont get the “…dont recommend this”.

Radaghast · January 5, 2013, 2:00am

At one point I used to recommend disabling IPv6 completely, however, I’ve since discovered that doing so can cause issues. If you don’t need IPv6, it’s better to just disable the tunnelling components.

To disable the tunnelling features simply copy and paste the following in an elevated command prompt:

netsh interface ipv6 set privacy state=disable (If you have native IPv6 you may want to keep this enabled)
netsh interface ipv6 6to4 set state state=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface ipv6 set teredo disabled

Followed by:

ipconfig /release6
ipconfig /renew6

Do you have native IPv6 from your ISP?

clockwork · January 5, 2013, 2:09am

I am using xp. Default disabled.

Nice hints for xp<x.
And what a problem can occur with “disabled IPv6” in newer versions?

Radaghast · January 5, 2013, 2:47am

If you’re using XP, unless you’ve specifically activated the IPv6 stack, it’s unnecessary to worry about it.

As far as problems are concerned, IPv6, under Windows Vista+ is part of tcpip.sys, unlike XP where it’s a separate component. Moreover, Microsoft have made IPv6 an integral part of a number of services, such as Homegroups, Direct Access, remote assistance etc. so disabling Ipv6 will/can cause connectivity issues at the least. There can also potential connectivity issues if you have a poorly configured dual stack client when visiting dual stack websites, as IPv6 connections are favoured over their IPv4 counterparts. Outside the typical ‘home’ user, there are known issues in the domain environment with clients with IPv6 disabled.

clockwork · January 6, 2013, 5:31am

:-TU

Excellent help

treefrogs · January 6, 2013, 5:17pm

Excellent help

I second that :-TU