Re: iptables over ipv6

Stephan Balmer <sb@lia.ch> wrote:

> On Tue, Feb 13, 2007 at 12:59:49PM -0500, Luis wrote:
> > hey there, it's been a long time. Well, I have some trouble using ip6tables. I
> > have the following network, 2001:b00:f60e::/48, and I have the servers
> > 2001:b00:f60e::1 2001:b00:f60e::2 2001:b00:f60e::3 and the workstations
> > 2001:b00:f60e::4 2001:b00:f60e::5 2001:b00:f60e::6
> Consider using distinct subnets for servers and workstations.
> > Now how can I filter the sshd
> > port using iptables? I mean, for example:
> > iptables -A input -s -p tcp --dport 22 -j ACCEPT
> > iptables -A INPUT -s -p tcp --dport 22 -j DROP
> Please specify where you'd use these rules. Is it on the server, on the
> workstations or on a gateway host? What's their purpose?
> > HOW CAN I DO THAT on IPv6?? Please don't send me to the internet, I don't have
> > access right now, so I would really appreciate a hand from you ;) The idea I have
> > on ip6tables is like this:
> > ip6tables -A INPUT 2001:b00:f60e::1 -p tcp --dport 22 -j ACCEPT
> > until there so far so good, but now what???
> > ip6tables -A INPUT 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> > HOW CAN I specify
> > that, or do I have to type iptables -A INPUT :: -p tcp --dport 22 -j DROP
> The examples are missing a --source or --destination argument.
> It's unclear to me what you want to achieve. Do you want to prevent the
> workstations from opening ssh connections to other hosts, or prevent other
> hosts from connecting to the workstations?
> Depending on that, it'd be either
> ip6tables -A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> or
> ip6tables -A INPUT --destination 2001:b00:f60e::/48 -p tcp --dport 22 -j
> respectively.
> If you want to drop all port 22 connections, incoming and outgoing for
> all networks, just don't specify any source or destination, as in
> ip6tables -A INPUT -p tcp --dport 22 -j DROP

Many thanks, my friend!

I'm firewalling my IPv6 network right now :)
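Added example, not code from the thread: a small Python model of first-match evaluation of an ip6tables INPUT chain, using the thread's addresses and only the matchers discussed (--source, --destination, -p, --dport). It shows why the ACCEPT for 2001:b00:f60e::1 has to precede the DROP for the /48, how the --source and --destination variants differ, and that a --source 2001:b00:f60e::/48 DROP says nothing about ssh from outside that prefix. Python was chosen over a shell script so it runs without root or ip6tables.

```python
"""Model first-match evaluation of an ip6tables INPUT chain (added example)."""
from dataclasses import dataclass
from ipaddress import IPv6Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                                 # -j ACCEPT or -j DROP
    proto: Optional[str] = None                 # -p tcp
    dport: Optional[int] = None                 # --dport 22
    source: Optional[IPv6Network] = None        # -s / --source
    destination: Optional[IPv6Network] = None   # -d / --destination

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        """A rule matches only if every matcher it specifies is satisfied."""
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        if self.source is not None and ip_address(src) not in self.source:
            return False
        if self.destination is not None and ip_address(dst) not in self.destination:
            return False
        return True


def evaluate(chain: List[Rule], src: str, dst: str,
             proto: str = "tcp", dport: int = 22, policy: str = "ACCEPT") -> str:
    """Verdict of the first matching rule; otherwise the chain's default policy."""
    for rule in chain:
        if rule.matches(src, dst, proto, dport):
            return rule.target
    return policy


NET = ip_network("2001:b00:f60e::/48")              # the thread's /48
SERVER1 = ip_network("2001:b00:f60e::1/128")        # one of the servers

# The poster's draft, with the --source argument Stephan says it is missing:
# accept ssh from server 1, then drop ssh from everything else in the /48.
SSH_FROM_CHAIN = [
    Rule("ACCEPT", "tcp", 22, source=SERVER1),
    Rule("DROP", "tcp", 22, source=NET),
]

# Stephan's --destination variant: drop ssh going *to* any host in the /48.
SSH_TO_CHAIN = [
    Rule("DROP", "tcp", 22, destination=NET),
]
```

Reversing SSH_FROM_CHAIN makes the /48 DROP shadow the ACCEPT for ::1, which is the ordering mistake the model makes visible.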


