
Re: [Squeeze] ip6tables-save syntax



On 11/17/11 13:32, Kees de Jong wrote:
> Hi,
>
> I'm running Debian Squeeze and I want to save my ip6table configuration
> with the iptables-persistent tool.
> To save an ipv4 table I use 'iptables-save > /etc/iptables/rules', the
> configuration file 'rules' is already there for the use of ipv4.
> But there is no ipv6 config file, so I don't know what the correct
> syntax is of the ipv6 configuration file when I want to save it with
> ip6tables-save.
> In Debian Testing there are respective defaults for ipv4 and ipv6 in
> the tool iptables-persistent named: rules.v4 and rules.v6
>
> Can someone point me to the correct syntax of the file? So that
> ip6tables is restored on a cold start in a proper way.
> An entry like 'ip6tables-restore < /etc/iptables/rules6' in
> /etc/rc.local would be an ugly solution.
>
ip6tables-save > /etc/iptables/rules6; # This doesn't work for you?

I just looked on my FW and it looks like the format is the same as
iptables-save, most lines contain parameters to be passed to ip6tables,
typically starting with '-A', other lines change the default table '-t'
and configure policy for chains '-P'.  Each table section ends with COMMIT.

Example snippet:
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate INVALID,NEW -j dynamic
-A INPUT -i tun6in4 -j net2fw
-A INPUT -i br0 -j br0_in
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j Reject
-A INPUT -j LOG --log-prefix "Shorewall:INPUT:REJECT:" --log-level 6
-A INPUT -g reject
COMMIT

> --
> Kind regards,
> Kees de Jong

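A structural check for a rules file in the format described in the reply above, as an added example that is not part of the original message: it verifies that every `*table` section is closed by COMMIT and that rules and jumps refer to chains declared with `:` lines. The sample ruleset and the name `lint_rules` are constructed for illustration, and treating all-uppercase jump targets as extension targets is an assumption.

```python
import shlex

# Constructed sample in ip6tables-save format (not taken from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:net2fw - [0:0]
-A INPUT -i tun6in4 -j net2fw
-A INPUT -j LOG --log-prefix "INPUT:REJECT:" --log-level 6
COMMIT
"""

def lint_rules(text):
    """Return sorted (line_number, message) problems found in a save file."""
    problems, table, chains, jumps = [], None, set(), []
    def end_table():
        # Assumption: all-uppercase names are extension targets (ACCEPT, LOG, ...).
        for n, target in jumps:
            if target not in chains and not target.isupper():
                problems.append((n, f"jump to undeclared chain {target}"))
        jumps.clear()
        chains.clear()
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        if line.startswith("*") or line == "COMMIT":
            if line == "COMMIT" and table is None:
                problems.append((n, "COMMIT outside a table"))
            elif line != "COMMIT" and table is not None:
                problems.append((n, f"table {table} not closed by COMMIT"))
            end_table()
            table = None if line == "COMMIT" else line[1:]
        elif table is None:
            problems.append((n, "line outside a *table section"))
        elif line.startswith(":"):
            chains.update(line[1:].split()[:1])
        elif line.startswith("-A "):
            try:
                words = shlex.split(line)
            except ValueError:  # unbalanced quotes
                words = line.split()
                problems.append((n, "unbalanced quotes"))
            if words[1] not in chains:
                problems.append((n, f"rule for undeclared chain {words[1]}"))
            jumps += [(n, t) for f, t in zip(words, words[1:]) if f in ("-j", "-g")]
        else:
            problems.append((n, "unrecognised line"))
    if table is not None:
        problems.append((n, f"table {table} not closed by COMMIT"))
    return sorted(problems)
```

An empty list from `lint_rules` means the structure is consistent; it does not replace loading the file with ip6tables-restore, which is what validates the rule arguments themselves.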
