I’m running firewalld in a router that connects the devices in my home LAN to internet.
I have recently added IPv6 DHCPv6 config to the router, and prefix delegation works, so
the devices in my home LAN get proper IPv6 addresses.
However, I don’t like the idea that all IPv6 enabled devices in my home LAN have public
IPv6 addresses. I’d very much prefer simple IPv4 -style NAT approach to protect the
devices in home LAN from being accessed from the internet.
How do I implement something like this with firewalld in the router?
ip6tables -A FORWARD -m state --state NEW -i $lanif -o $wanif -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P FORWARD DROP
Other ways to protect the devices in my home LAN being accessed from the internet?