Logging the Dropped Packets Using Default Deny-all Option
The evaluated configuration device drops all IPv6 traffic by default. This topic describes how to log packets dropped by this default deny-all option.
-
Before you begin, log in with your root account on a Junos OS device running Junos OS Release 22.2R1 and edit the configuration.
You can enter the configuration commands in any order and commit all the commands at once.
To log packets dropped by the default deny-all option:
This procedure might capture a very large amount of data until you have configured the other policies.
To permit all IPv6 traffic into an SRX Series Firewall, configure the device with flow-based forwarding mode. While the default policy in flow-based forwarding mode is still to drop all IPv6 traffic, you can now add rules to permit selected types of IPv6 traffic.
user@host# set security forwarding-options family inet6 mode flow-based