Hi Chris,
On Sun, 2007-08-12 at 21:33 +0100, Chris Boot wrote:
> > I'm sorry, but the bad news is that currently you'll have to write the
> > ip6table rules by hand. The good news is that you might be able to use
> > the IPv4 rules as a base and just do some heavy editing.
> >
> Thanks. Never mind, I guess it is the manual method then. Is there a
> Debian-recommended way of applying manual ip6tables rules? I was
> thinking of running an ip6tables-restore in post-up in
> /etc/network/interfaces, would that be a sensible option?
I'm not sure of a Debian recommended way, but a post-up line or a file
in /etc/network/if-up.d which only runs for the interface you want would
work okay.
> Does anyone have any best-practice sample IPv6 firewall rules for a
> server (i.e. not router/workstation)?
If you google around you'll find some best-practice firewalls. But
basically, block pretty much everything except for ICMP. ICMP in IPv6
is pretty important and things *will* break if you just block all ICMP
traffic.
Cheers!
--
Andrew Ruthven, Wellington, New Zealand
At home: andrew@etc.gen.nz | This space intentionally
| left blank.
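
The approach described in the reply above (a file in /etc/network/if-up.d that runs only for one interface and loads a default-deny ruleset that still lets ICMPv6 through), as an added example that is not part of the original message. The interface name eth0, the open SSH port and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: hook meant to be installed, executable, under
# /etc/network/if-up.d/. ifupdown exports IFACE to its hooks.
# WAN_IF and SSH_PORT are assumptions; adjust them for the server.
WAN_IF="${WAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# Print the ruleset in the format ip6tables-restore reads on stdin.
emit_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local traffic and replies to connections the server opened itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMPv6 stays open: neighbour discovery and path MTU discovery use it.
-A INPUT -p ipv6-icmp -j ACCEPT
# The one service this (assumed) server offers.
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
COMMIT
EOF
}

# True only for the interface the rules are meant for.
should_apply() {
    [ "${1:-}" = "$WAN_IF" ]
}

# Load the rules when ifupdown brings up the chosen interface; for any
# other interface (or when run by hand without IFACE) do nothing.
if should_apply "${IFACE:-}"; then
    emit_rules | ip6tables-restore
fi
```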