Using ip6tables to firewall your IPv6 traffic
Firewalling IPv6 traffic on Linux is handled by the ip6tables command. This tool is the IPv6 version of the iptables command we've already used, and it operates in almost exactly the same manner. The big difference is that with IPv6 the use of NAT is highly discouraged.
How to do it…
Let's run the command to establish.
    # ip6tables -6 -A INPUT -i lo -j ACCEPT
    # ip6tables -6 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ip6tables -6 -A INPUT -p tcp --dport 22 -j ACCEPT
    # ip6tables -6 -P INPUT DROP
    # ip6tables -6 -P FORWARD DROP
    # ip6tables -6 -P OUTPUT ACCEPT
    # ip6tables -6 -A FORWARD -i eth0 -j ACCEPT
    # ip6tables -6 -A FORWARD -i eth1 -o eth0 -m \
      state --state RELATED,ESTABLISHED -j ACCEPT
    # ip6tables -6 -A FORWARD -i eth0 -j ACCEPT
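Once rules like these are loaded, the output of ip6tables-save can be audited before you rely on it. The script below is an added example, not code from the original text: it checks the default policies, flags repeated rules and any rules in the nat table, and adds one check the page does not cover (an ICMPv6 accept rule on INPUT). The helper names audit_ip6tables and sample_dump are hypothetical, and the sample dump is constructed to mirror the commands above.

```shell
#!/usr/bin/env bash
# Added example: audit an ip6tables-save dump on stdin. Exit status 1 = findings.
# audit_ip6tables and sample_dump are hypothetical helper names.
audit_ip6tables() {
  awk '
    /^\*/ { table = substr($1, 2); next }               # "*filter", "*nat", ...
    /^:/  { policy[table, substr($1, 2)] = $2; next }   # ":INPUT DROP [0:0]"
    /^-A / {
      if (table == "nat") nat_rules++
      if (seen[table, $0]++) { print "DUPLICATE " table ": " $0; n++ }
      if (table == "filter" && $2 == "INPUT" &&
          $0 ~ /-p (ipv6-icmp|icmpv6) / && $0 ~ /-j ACCEPT$/) icmp6 = 1
    }
    END {
      if (policy["filter", "INPUT"] != "DROP")   { print "POLICY INPUT is not DROP"; n++ }
      if (policy["filter", "FORWARD"] != "DROP") { print "POLICY FORWARD is not DROP"; n++ }
      if (nat_rules) { print "NAT " nat_rules " rule(s) in the nat table"; n++ }
      # Added check, not from the page: neighbour discovery runs over ICMPv6 and
      # conntrack does not classify it as ESTABLISHED or RELATED.
      if (policy["filter", "INPUT"] == "DROP" && !icmp6) {
        print "ICMPV6 no ipv6-icmp ACCEPT rule in INPUT"; n++
      }
      exit (n > 0)
    }'
}

# Constructed sample: a dump modelled on the rules shown on this page.
sample_dump() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_ip6tables || echo "audit reported findings"
```

On a live host, run it as root with ip6tables-save | audit_ip6tables.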
How it works…
The ip6tables rules here are identical to the iptables rules in Chapter 1, Configuring a Router, with a few exceptions:
- A lack of NAT
- -6 options
NAT was initially created...