Re: iptables over ipv6
On Tue, Feb 13, 2007 at 12:59:49PM -0500, Luis wrote:
> hey there its been a long time well i have some trouble using ip6tables i have
> the following networks 2001:b00:f60e::/48 and i have ther servers
> 2001:b00:f60e::1 2001:b00:f60e::2 2001:b00:f60e::3 and the workstatiosn
> 2001:b00:f60e::4 2001:b00:f60e::5 2001:b00:f60e::6
Consider using distinct subnets for servers and workstations.
> Now how can i filter the sshd
> port using iptables i mean example
> iptables -A input -s 10.10.1.26 -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -s 10.10.1.1/24 -p tcp --dport 22 -j DROP
Please specify where you'd use these rules. Is it on the server, on the
workstations or on a gateway host? What's their purpose?
> HOW CAN I DO THAT on ipv6 ??please dont send me to internet i dont have
> access rigth now so i would really apreciate a hand of you ;)the idea i have
> on ipv6tables its like this
> ip6tables -A INPUT 2001:b00:f60e::1 -p tcp --dport 22 -j ACCEPT
> until there so far so good but now what ???
> ip6tables -A INPUT 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> HOW CAN I specific
> that or do i have to type iptables -A INPUT :: -p tcp --dport 22 -j DROP
The examples are missing a --source or --destination argument.
It's unclear to me what you want to achieve. Do you want to prevent the
workstations from opening ssh connections to other hosts, or prevent other
hosts from connecting to the workstations?
Depending on that, it'd be either
ip6tables -A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
or
ip6tables -A INPUT --destination 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
respectively.
If you want to drop all port 22 connections, incoming and outgoing for
all networks, just don't specify any source or destination, as in
ip6tables -A INPUT -p tcp --dport 22 -j DROP
Reply to: