Minimale configuratie voor IPv6 in ferm(1)
Monday, July 5th, 2010Ter referentie:
domain ip6 table filter { chain INPUT { # Drop all packets per default. policy DROP; # Respond to ICMP packets (NDP). proto icmpv6 icmp-type (neighbour-solicitation neighbour-advertisement) ACCEPT; # Allow tracked connections. mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; # Allow local connections. interface lo ACCEPT; # Respond to ICMP packets (diagnostic). proto icmpv6 icmp-type echo-request ACCEPT; # SSH connections. proto tcp dport ssh ACCEPT; # Reject everything else. proto tcp REJECT reject-with tcp-reset; REJECT; } chain OUTPUT { # Allow all packets per default. policy ACCEPT; } chain FORWARD { # Drop all packets per default. policy DROP; # Reject everything else. proto tcp REJECT reject-with tcp-reset; REJECT; } }