Hi Chris, On Sun, 2007-08-12 at 21:33 +0100, Chris Boot wrote: > > I'm sorry, but the bad news is that currently you'll have to write the > > ip6table rules by hand. The good news is that you might be able to use > > the IPv4 rules as a base and just do some heavy editting. > > > Thanks. Never mind, I guess it is the manual method then. Is there a > Debian-recommended way of applying manual ip6tables rules? I was > thinking of running an ip6tables-restore in post-up in > /etc/network/interfaces, would that be a sensible option? I'm not sure of a Debian recommended way, but a post-up line or a file in /etc/network/if-up.d which only runs for the interface you want would work okay. > Does anyone have any best-practice sample IPv6 firewall rules for a > server (i.e. not router/workstation)? If you google around you'll find some best-practice firewalls. But basically, block pretty much everything except for ICMP. ICMP in IPv6 is pretty important and things *will* break if you just block all ICMP traffic. Cheers! -- Andrew Ruthven, Wellington, New Zealand At home: andrew@etc.gen.nz | This space intentionally | left blank.
Attachment:
signature.asc
Description: This is a digitally signed message part