Re: Will this iptables script work as an ip6tables script?
You can also try Ferm[1] for both of the IP domains in a single
configuration and load it automatically as a systemd service in Debian[2].
I think it is easier than maintaining a custom/autogenerated script; the
rules depend on what you want to do and the role of your system.
[1] http://ferm.foo-projects.org/
[2] https://packages.debian.org/stable/ferm
On 04/04/2017 04:18 PM, Gustavo Lima wrote:
> Remembering that the correct command is ip6tables
>
> 2017-04-04 10:13 GMT-03:00 Gustavo Lima <ghtp25@gmail.com>:
>
> 1) You must prohibit reserved external prefixes. Example: iptables
> -A INPUT -s 3dde::/16 -j DROP
> Among the reserved prefixes you will find: 2001:2::/48 (rfc 5156),
> 2001:10::/28 (rfc 4843), 2001:db8::/32 (rfc 3849)
>
> 2) If you want to release to the local link ips: iptables -A
> INPUT -s ff02::1 -j ACCEPT
>
> 3) Some ICMP messages cannot be blocked because IPv6 works
> differently from IPv4. They are: 1, 2, 3, 4, 128, 129, 130, 131, 132, 133,
> 134, 135, 141, 142, 143, 148, 149, 151, 152, 153
> Example: iptables -A INPUT -p icmpv6 --icmpv6-type 135 -d YOU -j
> ACCEPT
>
> To understand this see the rfc 4890
>
> 4) If you know nothing about IPv6 and are looking for information
> to use it, congratulations. This is the attitude we need to
> develop this protocol
>
> 2017-04-04 5:58 GMT-03:00 Jiangsu Kumquat <reply@mynetblog.com>:
>
> I like this iptables script:
>
> http://pingie.debus.free.fr/iptables/index.php
>
> What I like about it is that it filters a lot of bad packets
> from getting through and packets that are not supposed to be
> getting through the firewall.
>
> I have it loading as soon as my Ethernet device comes online.
>
> What I want to know is if it will work okay using ip6tables?
>
> I know virtually nothing about IPv6 and am hesitant to put it
> online if it did work. So, I would really appreciate it if
> someone would look it over and tell me what you think about it.
>
>
>
>
--
Thomas Kapoulas
http://pebkac.gr
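
The points in the quoted message, collected into one ruleset as an added example (not code from any poster in this thread): a shell function that prints an `ip6tables-restore` file dropping the three reserved source prefixes named above and accepting the listed ICMPv6 types. Assumptions: the function name `gen_ruleset`, the default-drop INPUT policy, the hop-limit check on Neighbor Discovery, and type 136 (Neighbor Advertisement), which RFC 4890 also says must not be dropped but which is not in the list above.

```shell
#!/bin/sh
# Added example: emit an ip6tables-restore ruleset; nothing is loaded here.

# Reserved source prefixes named in the thread (RFC 5156, RFC 4843, RFC 3849).
RESERVED_SRC="2001:2::/48 2001:10::/28 2001:db8::/32"
# ICMPv6 types from the thread, grouped by purpose.
ERROR_TYPES="1 2 3 4"        # unreachable, too big, time exceeded, param problem
ECHO_TYPES="128 129"         # echo request / reply
ND_TYPES="133 134 135 136"   # RS, RA, NS, NA (136 is an assumption, see lead-in)
LINK_TYPES="130 131 132 141 142 143 148 149 151 152 153"  # MLD, IND, SEND, MRD

gen_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Drop reserved/documentation sources before anything can accept them.
    for p in $RESERVED_SRC; do
        echo "-A INPUT -s $p -j DROP"
    done
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for t in $ERROR_TYPES $ECHO_TYPES; do
        echo "-A INPUT -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
    # Neighbor Discovery is sent with hop limit 255, so a packet arriving
    # with a lower value has crossed a router and is not from the local link.
    for t in $ND_TYPES; do
        echo "-A INPUT -p icmpv6 --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    for t in $LINK_TYPES; do
        echo "-A INPUT -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
    # Service rules (for example SSH) would go here, before COMMIT.
    echo "COMMIT"
}

# Print the ruleset only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "print" ]; then
    gen_ruleset
fi
```

Running the script with `print` and piping the output to `ip6tables-restore --test` parses the rules without committing them, which is a safe way to check the file before loading it.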