Tuesday, 13 December 2011

### IPv6 IPTables ###



 1. Firewall for IPv6

/etc/rc.d/init.d/ip6tables - run-script
/etc/sysconfig/ip6tables-config - system-wide config file

/sbin/ip6tables - primary tool for administering IP6Tables
/sbin/ip6tables-restore
/sbin/ip6tables-save

 2. Maintains 3 default tables:
  a. Filter - matches IPTables(IPv4)
  b. Mangle - matches IPTables(IPv4)
  c. Raw


Usage:
 1. ip6tables -L

Note: IPv6 firewall rules are administered independently of IPv4 rules; rules loaded with iptables do not filter IPv6 traffic

Tasks:
 1. Filter inbound traffic to the remote RH5 system, allowing only SSH
  a. ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
  b. ip6tables -A INPUT -j DROP

 2. Filter outbound traffic to ANY remote SSH port
  a. ip6tables -A OUTPUT -p tcp --dport 22 -j DROP

 3. Flush ALL rules from OUTPUT chain of the Filter table
  a. ip6tables -F OUTPUT

 4. Save rules to file, then flush rules
  a. ip6tables-save > ip6tables.rules.1

 5. Reinstate flushed rules
  a. ip6tables-restore ip6tables.rules.1
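
The catch-all DROP in Task 1 also discards loopback traffic and ICMPv6 neighbour discovery (types 135/136), which IPv6 uses in place of ARP. The script below is an added example, not part of the original post: it audits an ip6tables-save dump on stdin for those gaps. The names audit_input, page_rules and fixed_rules are hypothetical, and both dumps are constructed.

```shell
#!/bin/sh
# audit_input: read an ip6tables-save dump on stdin and report traffic that a
# catch-all "-A INPUT -j DROP" cuts off. Exit status 1 if anything is found.
audit_input() {
    awk '
    $1 != "-A" || $2 != "INPUT" || seen { next }      # only INPUT rules before the DROP
    /^-A INPUT -j DROP$/ { seen = 1; drop = 1; next }
    !/-j ACCEPT$/ { next }
    / -i lo / { lo = 1 }
    / -p (ipv6-icmp|icmpv6) / {
        if ($0 !~ /--icmpv6-type/) { ns = 1; na = 1 } # all ICMPv6 accepted
        if ($0 ~ /--icmpv6-type (135|neighbou?r-solicitation)/) ns = 1
        if ($0 ~ /--icmpv6-type (136|neighbou?r-advertisement)/) na = 1
    }
    END {
        if (!drop) exit 0                             # no catch-all DROP, nothing to audit
        if (!lo) { print "loopback (-i lo) not accepted before DROP"; bad = 1 }
        if (!ns) { print "ICMPv6 type 135 (neighbour solicitation) dropped"; bad = 1 }
        if (!na) { print "ICMPv6 type 136 (neighbour advertisement) dropped"; bad = 1 }
        exit bad + 0
    }'
}

page_rules() {   # constructed dump: the filter table after Task 1 above
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

fixed_rules() {  # constructed dump: same policy with the gaps closed
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

page_rules | audit_input || true     # prints three findings
fixed_rules | audit_input || true    # prints nothing
```

On a live system the same check runs as `ip6tables-save | audit_input`.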
