SixXS::Sunset 2017-06-06

ip6tables script examples
[gb] Shadow Hawkins on Sunday, 15 April 2007 14:45:39
Hi, I was wondering if anyone had a decent example of an ip6tables firewall script. All of the scripts I managed to find out there are a bit lacking, and they don't seem to perform any firewalling on the subnets they forward. For example, if I use the nmap at http://ipv6.klingon.nl/ I can see a small number of ports open on my Windows XP machine. I want the machine to have IPv6 connectivity, but I don't want incoming traffic to get forwarded to it unless I've specifically said so. The rules I have at the moment for forwarding the packets are:

    $IP6TABLES -A FORWARD -s $LOCALNET -d $REMOTENET -j ACCEPT
    $IP6TABLES -A FORWARD -s $REMOTENET -d $LOCALNET -j ACCEPT

I tried adding something so that only packets that were ESTABLISHED or RELATED connections could come through, but that seemed to make ip6tables drop the traffic. I probably added it in the wrong place :/ I guess what I'm looking for is a really quite detailed howto on this.
ip6tables script examples
[ch] Jeroen Massar SixXS Staff on Sunday, 15 April 2007 15:04:01
Connection Tracking for IPv6 is only available in recent Linux kernels (2.6.18+ afaik). See also draft-ietf-v6ops-icmpv6-filtering-recs which shows things like:

    ip6tables -A FORWARD -m state -p tcp --state ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A FORWARD -m state -p udp --state ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A FORWARD -m state -p icmpv6 --state ESTABLISHED,RELATED -j ACCEPT

As per the above link, do not filter ICMP too much; in IPv6 it is definitely needed. Also note that the PoPs ping and that needs to work.
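Added example, not part of the original thread or of the cited draft: a default-deny FORWARD policy that combines the state rules above with the "only what I've specifically allowed" requirement from the question. The variable names $IP6TABLES and $LOCALNET follow the question; the addresses, the ALLOWED_IN list format and the chosen ICMPv6 types are assumptions made for illustration, and the script only prints the commands unless IP6TABLES is set to the real binary.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed,
# not executed. Set IP6TABLES=ip6tables (as root) to apply them.
IP6TABLES="${IP6TABLES:-echo ip6tables}"
# Constructed value: 2001:db8::/32 is the documentation prefix.
LOCALNET="${LOCALNET:-2001:db8:1::/48}"
# Hypothetical format for explicit inbound exceptions: "host,proto,port ..."
ALLOWED_IN="${ALLOWED_IN:-2001:db8:1::10,tcp,22}"

forward_rules() {
    # Default-deny everything that crosses the router, then start clean.
    $IP6TABLES -P FORWARD DROP
    $IP6TABLES -F FORWARD

    # Return traffic for flows that connection tracking already knows about.
    for proto in tcp udp icmpv6; do
        $IP6TABLES -A FORWARD -m state -p "$proto" --state ESTABLISHED,RELATED -j ACCEPT
    done

    # Hosts on the routed subnet may open new connections outward.
    $IP6TABLES -A FORWARD -s "$LOCALNET" -m state --state NEW -j ACCEPT

    # ICMPv6 that must reach the subnet: errors (path MTU discovery) and ping.
    for type in destination-unreachable packet-too-big time-exceeded \
                parameter-problem echo-request; do
        $IP6TABLES -A FORWARD -d "$LOCALNET" -p icmpv6 --icmpv6-type "$type" -j ACCEPT
    done

    # Inbound services that were specifically allowed; anything else hits DROP.
    for entry in $ALLOWED_IN; do
        host=${entry%%,*}; rest=${entry#*,}
        proto=${rest%%,*}; port=${rest#*,}
        case "$proto" in tcp|udp) ;; *) proto= ;; esac
        case "$port" in ''|*[!0-9]*) port= ;; esac
        if [ -z "$proto" ] || [ -z "$port" ]; then
            echo "skipping malformed entry: $entry" >&2
            continue
        fi
        $IP6TABLES -A FORWARD -d "$host" -p "$proto" --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    return 0
}

forward_rules
```

Review the printed commands first; rescanning the subnet from outside afterwards should show only the ports listed in ALLOWED_IN.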
ip6tables script examples
[gb] Shadow Hawkins on Sunday, 15 April 2007 15:24:17
I'm running 2.6.19 but good point, I should check if I compiled everything in. Edit: Everything was there, my rules were a little off as I suspected. Thanks for pointing those out to me. (I was missing the protocol switches).
ip6tables script examples
[de] Shadow Hawkins on Friday, 20 April 2007 00:29:13
I tried this to set up a firewall on IPv6 too. But somehow the match does not work:

    ip6tables v1.3.3: Couldn't load match `state':/lib/iptables/libip6t_state.so: cannot open shared object file: No such file or directory

My distro is Ubuntu 6.06.
ip6tables script examples
[de] Shadow Hawkins on Tuesday, 24 April 2007 20:42:30
Is your kernel built with the appropriate options according to <http://lists.netfilter.org/pipermail/netfilter/2006-May/065655.html>?

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker