Verifying IPv6 firewall entries

A reversion from any version of ONTAP 9 might result in missing default IPv6 firewall entries for some services in firewall policies. You need to verify that the required firewall entries have been restored to your system.

Procedure

Verify that all firewall policies are correct by comparing them to the default policies: system services firewall policy show

The following example shows the default policies:

cluster1::*> system services firewall policy show
Policy           Service    Action IP-List
---------------- ---------- ------ --------------------
cluster
                 dns        allow  0.0.0.0/0
                 http       allow  0.0.0.0/0
                 https      allow  0.0.0.0/0
                 ndmp       allow  0.0.0.0/0
                 ntp        allow  0.0.0.0/0
                 rsh        allow  0.0.0.0/0
                 snmp       allow  0.0.0.0/0
                 ssh        allow  0.0.0.0/0
                 telnet     allow  0.0.0.0/0
data
                 dns        allow  0.0.0.0/0, ::/0
                 http       deny   0.0.0.0/0, ::/0
                 https      deny   0.0.0.0/0, ::/0
                 ndmp       allow  0.0.0.0/0, ::/0
                 ntp        deny   0.0.0.0/0, ::/0
                 rsh        deny   0.0.0.0/0, ::/0
.
.
.

Manually add any missing default IPv6 firewall entries by creating a new firewall policy: system services firewall policy create
```
cluster1::*> system services firewall policy create -policy newIPv6 
-service ssh -action allow -ip-list ::/0
```
Apply the new policy to the LIF to allow access to a network service: network interface modify
```
cluster1::*> network interface modify -vserver VS1 -lif LIF1 
-firewall-policy newIPv6 
```