blog.keesmeijs.nl » ip6tables http://blog.keesmeijs.nl Waarom ook niet eigenlijk? Sat, 14 Jan 2012 16:58:56 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Minimale configuratie voor IPv6 in ferm(1) http://blog.keesmeijs.nl/archives/882 http://blog.keesmeijs.nl/archives/882#comments Mon, 05 Jul 2010 14:30:42 +0000 kees http://blog.keesmeijs.nl/?p=882 Ter referentie:

domain ip6 table filter {
	chain INPUT {
		# Drop all packets per default.
		policy DROP;

		# Respond to ICMP packets (NDP).
		proto icmpv6 icmp-type (neighbour-solicitation neighbour-advertisement) ACCEPT;

		# Allow tracked connections.
		mod state state INVALID DROP;
		mod state state (ESTABLISHED RELATED) ACCEPT;

		# Allow local connections.
		interface lo ACCEPT;

		# Respond to ICMP packets (diagnostic).
		proto icmpv6 icmp-type echo-request ACCEPT;

		# SSH connections.
		proto tcp dport ssh ACCEPT;

		# Reject everything else.
		proto tcp REJECT reject-with tcp-reset;
		REJECT;
	}

	chain OUTPUT {
		# Allow all packets per default.
		policy ACCEPT;
	}

	chain FORWARD {
		# Drop all packets per default.
		policy DROP;

		# Reject everything else.
		proto tcp REJECT reject-with tcp-reset;
		REJECT;
	}
}
]]> http://blog.keesmeijs.nl/archives/882/feed 0