1. Firewall for IPv6
/etc/rc.d/init.d/ip6tables - run-script
/etc/sysconfig/ip6tables-config - system-wide config file
/sbin/ip6tables - primary tool for administering IP6Tables
/sbin/ip6tables-restore
/sbin/ip6tables-save
2. Maintains 3 default tables:
a. Filter - matches IPTables(IPv4)
b. Mangle - matches IPTables(IPv4)
c. Raw
Usage:
1. ip6tables -L
Note: IPv6 firewall rules are administered independently of IPv4 rules
Tasks:
1. Restrict inbound traffic on the remote RH5 system to SSH
a. ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
b. ip6tables -A INPUT -j DROP
2. Block outbound traffic to ANY remote SSH port
a. ip6tables -A OUTPUT -p tcp --dport 22 -j DROP
3. Flush ALL rules from OUTPUT chain of the Filter table
a. ip6tables -F OUTPUT
4. Save rules to file, then flush rules
a. ip6tables-save > ip6tables.rules.1
5. Reinstate flushed rules
a. ip6tables-restore ip6tables.rules.1
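Task 1's two rules also drop loopback traffic and ICMPv6 Neighbor Discovery, which IPv6 relies on to resolve link-layer addresses. The following is an added example, not part of the original notes: a POSIX shell lint for ip6tables-save output, where the function name audit_input and both sample dumps are constructed for illustration.

```shell
# Added example: lint an ip6tables-save dump read from stdin.
# Prints what a catch-all INPUT DROP/REJECT cuts off; returns 1 on findings.
audit_input() {
    awk '
    $1 == "-A" && $2 == "INPUT" && !done {
        if ($0 ~ /^-A INPUT -j (DROP|REJECT)/) { done = catchall = 1; next }
        if ($0 !~ /-j ACCEPT/) next
        if ($0 ~ / -i lo /) lo = 1
        if ($0 ~ / -p (ipv6-icmp|icmpv6|58) /) {
            if (match($0, /--icmpv6-type [0-9]+/)) {
                nd[substr($0, RSTART + 14, RLENGTH - 14)] = 1
            } else { nd[135] = nd[136] = 1 }   # no type: all ICMPv6 accepted
        }
    }
    END {
        if (!catchall) exit 0
        if (!lo)      { print "loopback (-i lo) dropped"; bad = 1 }
        if (!nd[135]) { print "ICMPv6 neighbor solicitation (135) dropped"; bad = 1 }
        if (!nd[136]) { print "ICMPv6 neighbor advertisement (136) dropped"; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the Task 1 rules as saved by ip6tables-save.
sample_task1() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample: same policy, loopback and ND accepted before the DROP.
sample_fixed() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

sample_task1 | audit_input || echo "Task 1 ruleset: fix the findings above"
sample_fixed | audit_input && echo "fixed ruleset: OK"
```

To check a live system or a saved file, pipe ip6tables-save or the file from Task 4 into audit_input.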