You can configure a filtering policy for an IPv6 extension header to filter packets.
Before configuring a filtering policy for an IPv6 extension header in the interface view, enable the IPv6 function (for details, see Enabling IPv6).
To prevent the system from being attacked by specific packets, run the ipv6 extension-header command to configure a filtering policy (deny or permit) for an extension header in the packets. The methods of configuring filtering policies for different types of extended headers are as follows:
The system view is displayed.
The configuration is committed.
A filtering policy configured for an IPv6 extension header in the interface view takes precedence over that in the system view.