1) You must prohibit reserved external prefixes. Example: iptables -A INPUT -s 3dde::/16 -j DROPExemple: iptables -A INPUT -p icmpv6 --icmpv6-type 135 -d YOU -j ACCEPT
Among the reserved prefixes you will find: 2001:2::/48 (rfc 5156), 2001:10::/28 (rfc 4843), 2001:db8::/32 (rfc 3849)
2) If you want to release to the local link ips: iptables -A INPUT -s ff02::1 -j ACCEPT
3) Some ICMP messages can not be blocked because IPv6 works other than IPv4. Are they: 1, 2, 3, 4, 128, 129, 130, 131, 132, 133, 134, 135, 141, 142, 143, 148, 149, 151, 152, 153
To understand this see the rfc 4890
4) If you know nothing about IPv6 and are looking for information to use it, congratulations. This is the attitude we need to develop this protocol2017-04-04 5:58 GMT-03:00 Jiangsu Kumquat <reply@mynetblog.com>:I know virtually nothing about IPv6 and am hesitant to put it online if it did work. So, I would really appreciate it is someone would look it over and tell me what you think about it.What I want to know is if it will work okay using ip6tables?What I like about it is that it filters a lot of bad packets from getting through and packets that are not supposed to be getting through the firewall.I have it loading as soon as my Ethernet device comes online.