It is getting pretty annoying. You set up your firewall, your router and you make everything secure. Everything?
I just noticed strange packets going over the ether. After investigating a little, I found that these packets are caused by Windows Teredo tunnels. Of course the interfaces can be deactivated on each machine.
Searching the web and trying to block certain protocols (41), specific portions of the internet or ports doesn't help.
So I decided to take action on the router and generated a policy-map which is fed by a class-map.
The policy-map is then bound to an interface. Sounds complex, and well, it is. But for that easy task it is okay.
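! NBAR class: matches traffic classified as Teredo-tunneled IPv6
class-map match-any BLOCK-OUT
 match protocol teredo-ipv6-tunneled
!
! policy: drop everything that falls into that class
policy-map DROP-BLOCKED
 class BLOCK-OUT
  drop
!
interface Dialer0
 description DIALUP
 ip address negotiated
 ip access-group PROTECT-IN-V4 in
 no ip proxy-arp
 ip mtu 1492
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ipv6 address dhcp
 no cdp enable
 ! bind the policy-map to the interface (outbound direction assumed from the class name BLOCK-OUT)
 service-policy output DROP-BLOCKED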
Done … no Teredo anymore. And ip nbar activated.
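Teredo carries IPv6 inside ordinary IPv4 UDP datagrams, so a filter on IP protocol 41 never sees it, while a look into the UDP payload does. The following is an added example, not part of the original post and not how NBAR itself is implemented: a payload check following RFC 4380 that recognises tunnelled IPv6 and decodes the Teredo address. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo service prefix (RFC 4380)

def strip_indications(payload):
    """Skip the optional Teredo authentication / origin indication headers."""
    while len(payload) >= 4:
        if payload[:2] == b"\x00\x01":    # authentication: ids + nonce(8) + confirm(1)
            payload = payload[4 + payload[2] + payload[3] + 9:]
        elif payload[:2] == b"\x00\x00":  # origin indication: port(2) + address(4)
            payload = payload[8:]
        else:
            break
    return payload

def decode_teredo(addr):
    """Recover server, NAT-mapped client address and port from a Teredo address."""
    raw = addr.packed
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "client": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
        "port": struct.unpack(">H", raw[10:12])[0] ^ 0xFFFF,
    }

def classify_udp_payload(payload):
    """Return details if the UDP payload is tunnelled IPv6, else None."""
    inner = strip_indications(payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                       # too short or not an IPv6 header
    if struct.unpack(">H", inner[4:6])[0] > len(inner) - 40:
        return None                       # declared length exceeds the datagram
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    teredo = next((decode_teredo(a) for a in (src, dst) if a in TEREDO_PREFIX), None)
    return {"src": str(src), "dst": str(dst), "teredo": teredo}

# Constructed sample: origin indication + bare IPv6 header (documentation addresses).
SRC = bytes.fromhex("20010000c0000201800063bf34ff8efa")
DST = bytes.fromhex("20010db8" + "00" * 11 + "01")
SAMPLE_INNER = bytes.fromhex("6000000000003b15") + SRC + DST
SAMPLE_PACKET = b"\x00\x00" + bytes(6) + SAMPLE_INNER
NOT_TEREDO = bytes.fromhex("123401000001000000000000") + bytes(40)  # DNS-like

if __name__ == "__main__":
    print(classify_udp_payload(SAMPLE_PACKET))
    print(classify_udp_payload(NOT_TEREDO))
```

The decoded server and client fields show which Teredo server and which NAT-mapped address a host was using, which helps find the machines where the interface is still enabled.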