blog.keesmeijs.nl » Blog Archive » Minimale configuratie voor IPv6 in ferm(1)

Minimale configuratie voor IPv6 in ferm(1)

Ter referentie:

domain ip6 table filter {
	chain INPUT {
		# Drop all packets per default.
		policy DROP;

		# Respond to ICMP packets (NDP).
		proto icmpv6 icmp-type (neighbour-solicitation neighbour-advertisement) ACCEPT;

		# Allow tracked connections.
		mod state state INVALID DROP;
		mod state state (ESTABLISHED RELATED) ACCEPT;

		# Allow local connections.
		interface lo ACCEPT;

		# Respond to ICMP packets (diagnostic).
		proto icmpv6 icmp-type echo-request ACCEPT;

		# SSH connections.
		proto tcp dport ssh ACCEPT;

		# Reject everything else.
		proto tcp REJECT reject-with tcp-reset;
		REJECT;
	}

	chain OUTPUT {
		# Allow all packets per default.
		policy ACCEPT;
	}

	chain FORWARD {
		# Drop all packets per default.
		policy DROP;

		# Reject everything else.
		proto tcp REJECT reject-with tcp-reset;
		REJECT;
	}
}

Tags: ferm, firewall, ip6tables, IPv6

This entry was posted on Monday, July 5th, 2010 at 15:30 and is filed under Internet, Programmatuur. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply