Using the firewall defend ipv6-extend-header command, you can filter the IPv6 packets with specific extension headers.
Using the undo firewall defend ipv6-extend-header command, you can cancel the above configuration.
firewall defend ipv6-extend-header { ah | destination | esp | fragment | hop-by-hop | icmpv6 | ipip | none | ospf | raw | routing | tcp | udp | extend-header-id } enable
undo firewall defend ipv6-extend-header { all | ah | destination | esp | fragment | hop-by-hop | icmpv6 | ipip | none | ospf | raw | routing | tcp | udp | extend-header-id | all } enable
| Parameter | Description | Value |
|---|---|---|
| ah | Indicates the AH extension header. | - |
| destination | Indicates the destination extension header. | - |
| esp | Indicates the ESP extension header. | - |
| fragment | Indicates the fragment extension header. | - |
| hop-by-hop | Indicates the hop-by-hop extension header. | - |
| icmpv6 | Indicates the ICMPv6 extension header. | - |
| ipip | Indicates the IPIP extension header. | - |
| none | Indicates no extension header. | - |
| ospf | Indicates the OSPF extension header. | - |
| raw | Indicates the RAW extension header. | - |
| routing | Indicates the routing extension header. | - |
| tcp | Indicates the TCP extension header. | - |
| udp | Indicates the UDP extension header. | - |
| extend-header-id | Indicates the extension header ID. | The value is an integer ranging from 0 to 255. |
| all | Indicates all extension header. | - |