After a long struggle trying to establish IPv6 connectivity with a Windows box (and failing), I noticed that Windows Firewall blocks a lot of ICMPv6 packets. The closest predefined rule I could find does allow ICMPv6, but only for Local network connections, which is too limited compared to the recommendations from RFC 4890, dated "May 2007" (which is way before Windows 7 was released).
Of course I did expand that rule to Any, as well as tried adding a separate ICMPv6 rule — both successful independently. It makes a little difference for usual network activity, but gives a huge benefit for tunnelled connections (IPv6 tunnelled over IPv4 for P2P IPv6 direct connections, for instance), which hardly operate otherwise.
Am I missing something here or getting it wrong?
If that is "by design", what is the point in limiting this rule to Local network by default, contrary to recommendations?
Best Answer
Yes. You need to explicitly create a new custom inbound rule that passes ICMPv6 for the needed interface and network type. It's rather easy to do:
Passing ICMPv6 on Windows Defender Firewall
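
One way to script the custom inbound rule described in the answer, as an added example that is not part of the original answer: it passes the error and echo ICMPv6 types that RFC 4890 says must not be dropped, from any remote address, on one interface and one network profile. The rule name, group name, interface alias and profile below are assumptions; adjust them to the machine.

```powershell
# Added example (run from an elevated PowerShell prompt).
# Names and values in this block are assumptions, not taken from the page.
$InterfaceAlias = 'Ethernet'   # assumed adapter name; list yours with Get-NetAdapter
$NetProfile     = 'Private'    # network type to open: Domain, Private, Public or Any
$Group          = 'Custom ICMPv6 (RFC 4890)'

# ICMPv6 messages written as "type" or "type:code".
# Opening only these keeps the rule narrower than "all ICMPv6 from Any".
$IcmpTypes = @(
    '1',     # Destination Unreachable, all codes
    '2',     # Packet Too Big (path MTU discovery, which tunnels depend on)
    '3:0',   # Time Exceeded, hop limit exceeded in transit
    '4:1',   # Parameter Problem, unrecognized Next Header type
    '4:2',   # Parameter Problem, unrecognized IPv6 option
    '128',   # Echo Request
    '129'    # Echo Reply
)

# Remove earlier copies of this group so re-running does not stack duplicates.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# The predefined rule is scoped to the local subnet; this one accepts any remote address.
New-NetFirewallRule -DisplayName 'ICMPv6 inbound, any remote address' `
    -Group $Group `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv6 -IcmpType $IcmpTypes `
    -RemoteAddress Any `
    -Profile $NetProfile `
    -InterfaceAlias $InterfaceAlias | Out-Null

# Show what was actually installed: ICMP types and the remote address scope.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        IcmpType      = ($_ | Get-NetFirewallPortFilter).IcmpType -join ', '
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-List
```

For tunnelled IPv6 the traffic may arrive on the tunnel adapter rather than the physical one, so check the alias with `Get-NetAdapter` (or drop `-InterfaceAlias`) if the rule appears to have no effect.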