
Re: iptables over ipv6



Stephan Balmer <sb@lia.ch> wrote:

> On Tue, Feb 13, 2007 at 12:59:49PM -0500, Luis wrote:
> > hey there it's been a long time well i have some trouble using ip6tables i have
> > the following networks 2001:b00:f60e::/48 and i have the servers
> > 2001:b00:f60e::1 2001:b00:f60e::2 2001:b00:f60e::3 and the workstations
> > 2001:b00:f60e::4 2001:b00:f60e::5 2001:b00:f60e::6
>
> Consider using distinct subnets for servers and workstations.
>
> > Now how can i filter the sshd port using iptables i mean example
> > iptables -A INPUT -s 10.10.1.26 -p tcp --dport 22 -j ACCEPT
> > iptables -A INPUT -s 10.10.1.1/24 -p tcp --dport 22 -j DROP
>
> Please specify where you'd use these rules. Is it on the server, on the
> workstations or on a gateway host? What's their purpose?
>
> > HOW CAN I DO THAT on ipv6 ?? please don't send me to internet i don't have
> > access right now so i would really appreciate a hand of you ;) the idea i have
> > on ipv6tables it's like this
> > ip6tables -A INPUT 2001:b00:f60e::1 -p tcp --dport 22 -j ACCEPT
> > until there so far so good but now what ???
> > ip6tables -A INPUT 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> > HOW CAN I specify that or do i have to type
> > iptables -A INPUT :: -p tcp --dport 22 -j DROP
>
> The examples are missing a --source or --destination argument.
> It's unclear to me what you want to achieve. Do you want to prevent the
> workstations from opening ssh connections to other hosts, or prevent other
> hosts from connecting to the workstations?
>
> Depending on that, it'd be either
> ip6tables -A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> or
> ip6tables -A INPUT --destination 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> respectively.
>
> If you want to drop all port 22 connections, incoming and outgoing for
> all networks, just don't specify any source or destination, as in
> ip6tables -A INPUT -p tcp --dport 22 -j DROP

many thanks my friend !

i'm firewalling my ipv6 network right now :)






----------------------------------------------
Luis A. Rondon Paz
Admin intranet CNT
icq #132736035
itachi@cnt.uo.edu.cu
Santiago de cuba
UONET
L I N U X The Choice of a GNU Generation
 .~.
 /V\
/( )\
^^-^^
--------------------------------------------------
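
Added example, not part of the original thread and not code from either poster: a small Python model of first-match rule evaluation, applied to the IPv6 form of the ACCEPT/DROP pair discussed above (with the --source argument the reply asks for). It shows which of the six hosts reach sshd, what happens if the two rules are appended in the opposite order, and that sources outside the /48 fall through to the chain policy. The function names, the ACCEPT chain policy and the outside address 2001:db8::1 are assumptions made for the illustration.

```python
import ipaddress

# Rule = (source prefix or None for "any", protocol, destination port, verdict).
# This pair is the IPv6 form of the IPv4 ACCEPT/DROP pair quoted in the thread:
#   ip6tables -A INPUT --source 2001:b00:f60e::1   -p tcp --dport 22 -j ACCEPT
#   ip6tables -A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
ALLOW_THEN_DROP = [
    ("2001:b00:f60e::1/128", "tcp", 22, "ACCEPT"),
    ("2001:b00:f60e::/48", "tcp", 22, "DROP"),
]
# Same rules appended in the opposite order (the mistake to avoid).
DROP_THEN_ALLOW = list(reversed(ALLOW_THEN_DROP))


def verdict(rules, src, proto, dport, policy="ACCEPT"):
    """Return the verdict of the first matching rule, as a netfilter chain does.

    `policy` is what applies when no rule matches (assumed ACCEPT here;
    this is an assumption of the example, not something stated in the thread).
    """
    addr = ipaddress.IPv6Address(src)
    for prefix, r_proto, r_dport, target in rules:
        in_prefix = prefix is None or addr in ipaddress.IPv6Network(prefix)
        if in_prefix and proto == r_proto and dport == r_dport:
            return target  # first match wins; later rules are never consulted
    return policy


def ssh_access(rules, hosts):
    """Map each source address to the verdict for a TCP/22 connection."""
    return {h: verdict(rules, h, "tcp", 22) for h in hosts}


if __name__ == "__main__":
    # Constructed sample: the six hosts named in the thread plus one outsider.
    hosts = [f"2001:b00:f60e::{i}" for i in range(1, 7)] + ["2001:db8::1"]
    for name, rules in (("allow,drop", ALLOW_THEN_DROP),
                        ("drop,allow", DROP_THEN_ALLOW)):
        print(name)
        for host, result in ssh_access(rules, hosts).items():
            print(f"  {host:<22} {result}")
```

With the ACCEPT rule first, only 2001:b00:f60e::1 from inside the /48 reaches port 22; the outside address is still accepted unless the chain policy is DROP or a rule without a source is appended last.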