(1) I read about known issues with IPv6 and the router firewall rules, so I ran a port scan on this site:
nmap -v -6 ***MY PUBLIC IPv6 ADDRESS***
Nmap Results:
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-05-16 04:45 JST
Failed to resolve given IPv6 hostname/IP: Enter. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code -2: Name or service not known
Failed to resolve given IPv6 hostname/IP: Host. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code -2: Name or service not known
Failed to resolve given IPv6 hostname/IP: or. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code -2: Name or service not known
Failed to resolve given IPv6 hostname/IP: IP. Note that you can't use '/mask' or '[1-4,7,100-]' style ranges for IPv6. Error code -2: Name or service not known
Machine ***MY PUBLIC IPv6 ADDRESS*** MIGHT actually be listening on probe port 80
DNS resolution of 1 IPs took 0.26s.
Initiating Connect() Scan against ***MY PUBLIC IPv6 ADDRESS*** [1680 ports] at 04:45
Discovered open port 80/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 22/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 515/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 5432/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 5000/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 548/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 5001/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 161/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 631/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 111/tcp on ***MY PUBLIC IPv6 ADDRESS***
Discovered open port 873/tcp on ***MY PUBLIC IPv6 ADDRESS***
The Connect() Scan took 14.76s to scan 1680 total ports.
Host ***MY PUBLIC IPv6 ADDRESS*** appears to be up ... good.
Interesting ports on ***MY PUBLIC IPv6 ADDRESS***:
Not shown: 1664 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp open snmp
445/tcp filtered microsoft-ds
515/tcp open printer
548/tcp open afpovertcp
631/tcp open ipp
873/tcp open rsync
5000/tcp open UPnP
5001/tcp open commplex-link
5432/tcp open postgres
Nmap finished: 1 IP address (1 host up) scanned in 15.867 seconds
(2) So then I created a firewall-start script that looks like this (copied from one of Merlin's scripts):
nmap -v -6 -P0 ***MY PUBLIC IPv6 ADDRESS***
Nmap Results:
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-05-17 09:40 JST
DNS resolution of 1 IPs took 0.27s.
Initiating Connect() Scan against ***MY PUBLIC IPv6 ADDRESS*** [1680 ports] at 09:40
Connect() Scan Timing: About 8.63% done; ETC: 09:46 (0:05:17 remaining)
The Connect() Scan took 347.11s to scan 1680 total ports.
Host ***MY PUBLIC IPv6 ADDRESS*** appears to be up ... good.
All 1680 scanned ports on ***MY PUBLIC IPv6 ADDRESS*** are filtered
Nmap finished: 1 IP address (1 host up) scanned in 347.387 second
This scan took longer because I used the P0 switch.
(4) Everything seems to be working well. I have not had a single log entry in 2 days. Previously I would see frequent activity in my logs.