IPv6Firewall

Damjan Georgievski edited this page Oct 28, 2018 · 1 revision

IPv6 firewall settings

Even your desktop can easily get a fully public IPv6 address, so it might be important to have a default firewall for IPv6. This is mine:

# Generated by ip6tables-save 
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:166]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow SSH - but make sure it's secured
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# allow all link-local unicast
-A INPUT -s fe80::/10 -d fe80::/10 -j ACCEPT 
# allow multicast
-A INPUT -d ff00::/8 -j ACCEPT 
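# allow ping (ICMPv6 echo request, type 128), rate limited
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 30/min -j ACCEPT
# reject other new connections (rate limited), then silently drop the rest
-A INPUT -m state --state NEW -m limit --limit 30/min -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m state --state INVALID,NEW -j DROP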
COMMIT

Arch Linux: stored in /etc/iptables/ip6tables.rules, with ip6tables enabled in the DAEMONS array of /etc/rc.conf.
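To see what the INPUT rules above decide for a given packet, here is a simplified first-match model of the chain. It is an added example, not part of the original page. The packet fields, the `limit_ok` flag (standing in for the two independent 30/min limits) and the sample packets are assumptions made for illustration.

```python
import ipaddress

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

# Hand-written model of the INPUT rules above, in order (first match wins).
# "limit_ok" is an assumed flag: True while a 30/min limit still has tokens.
RULES = [
    ("loopback", lambda p: p["iface"] == "lo", "ACCEPT"),
    ("established", lambda p: p["state"] in ("RELATED", "ESTABLISHED"), "ACCEPT"),
    ("ssh", lambda p: p["proto"] == "tcp" and p.get("dport") == 22, "ACCEPT"),
    ("link-local", lambda p: in_net(p["src"], "fe80::/10")
        and in_net(p["dst"], "fe80::/10"), "ACCEPT"),
    ("multicast", lambda p: in_net(p["dst"], "ff00::/8"), "ACCEPT"),
    ("echo-request", lambda p: p["proto"] == "ipv6-icmp"
        and p.get("icmp_type") == 128 and p["limit_ok"], "ACCEPT"),
    ("reject-new", lambda p: p["state"] == "NEW" and p["limit_ok"], "REJECT"),
    ("drop-rest", lambda p: p["state"] in ("INVALID", "NEW"), "DROP"),
]
POLICY = "ACCEPT"  # from ":INPUT ACCEPT [0:0]"

def verdict(pkt):
    """Return (rule_name, target) for a packet dict; unset fields get defaults."""
    p = {"iface": "eth0", "state": "NEW", "limit_ok": True,
         "dst": "2001:db8::10", **pkt}
    for name, match, target in RULES:
        if match(p):
            return name, target
    return "policy", POLICY  # nothing matched: the chain policy applies

# Constructed sample packets (2001:db8::/32 is the documentation prefix).
SAMPLES = {
    "ssh": {"src": "2001:db8::1", "proto": "tcp", "dport": 22},
    "http": {"src": "2001:db8::1", "proto": "tcp", "dport": 80},
    "http_flood": {"src": "2001:db8::1", "proto": "tcp", "dport": 80,
                   "limit_ok": False},
    "ping": {"src": "2001:db8::1", "proto": "ipv6-icmp", "icmp_type": 128},
    "neighbor_sol": {"src": "fe80::1", "dst": "fe80::2",
                     "proto": "ipv6-icmp", "icmp_type": 135},
    "untracked_udp": {"src": "2001:db8::1", "proto": "udp", "dport": 5353,
                      "state": "UNTRACKED"},
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:14} -> {verdict(pkt)}")
```

The last sample shows the effect of the ACCEPT chain policy: a packet whose conntrack state is none of RELATED, ESTABLISHED, NEW or INVALID matches no rule and is accepted.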
