@dettmering dettmering/ipv6.sh
Created Oct 24, 2018

IPv6 iptables config
#!/bin/bash
# ip6tables single-host firewall script
# Define your command variables
ipt6="/sbin/ip6tables"
# Flush all rules and delete all chains
# for a clean startup
$ipt6 -F
$ipt6 -X
# Zero out all counters
$ipt6 -Z
# Default policies: deny all incoming
# Unrestricted outgoing
$ipt6 -P INPUT DROP
$ipt6 -P FORWARD DROP
$ipt6 -P OUTPUT ACCEPT
# Must allow loopback interface
$ipt6 -A INPUT -i lo -j ACCEPT
# Silently drop inbound TCP connection attempts (SYN) not initiated from the host
$ipt6 -A INPUT -p tcp --syn -j DROP
# Allow return connections initiated from the host
$ipt6 -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accept all ICMP v6 packets
$ipt6 -A INPUT -p ipv6-icmp -j ACCEPT
# Optional rules to allow other LAN hosts access to services.
# Rules are matched in order, so the TCP rules below are only reached
# if you delete the earlier line: $ipt6 -A INPUT -p tcp --syn -j DROP
# Allow DHCPv6 (client port 546) from link-local sources only
$ipt6 -A INPUT -m conntrack --ctstate NEW -m udp -p udp \
-s fe80::/10 --dport 546 -j ACCEPT
# Allow connections from SSH clients
$ipt6 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
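
The script's comments note that the optional service rules only work once the `--syn -j DROP` line is deleted, because ip6tables stops at the first matching rule. The check below is an added example, not part of the original gist: it reads rules in `ip6tables -S INPUT` format and lists TCP ACCEPT rules that sit behind an unrestricted SYN DROP and so can never admit a new connection. The function names and the sample rule listing are constructed for illustration; the listing assumes `-S` prints `--syn` as `--tcp-flags FIN,SYN,RST,ACK SYN`.

```shell
#!/bin/sh
# Added example: find TCP ACCEPT rules shadowed by an earlier blanket SYN DROP.
# Input: rule lines in `ip6tables -S INPUT` format on stdin.
# Output: each shadowed ACCEPT rule, one per line.
shadowed_tcp_accepts() {
    sta_blanket=0
    while IFS= read -r sta_line; do
        # Only appended INPUT rules matter; skip policy lines and other chains
        case "$sta_line" in
            "-A INPUT "*) ;;
            *) continue ;;
        esac
        # A DROP limited by source, interface or port is not a blanket drop
        case "$sta_line" in
            *" -s "*|*" -i "*|*port*) sta_restricted=1 ;;
            *) sta_restricted=0 ;;
        esac
        case "$sta_line" in
            *"-p tcp"*"--tcp-flags FIN,SYN,RST,ACK SYN"*"-j DROP")
                if [ "$sta_restricted" -eq 0 ]; then sta_blanket=1; fi
                ;;
            *"-p tcp"*"-j ACCEPT")
                # Every SYN was already dropped, so this rule opens nothing
                if [ "$sta_blanket" -eq 1 ]; then printf '%s\n' "$sta_line"; fi
                ;;
        esac
    done
    return 0
}

# Constructed sample: the rule order this script loads, in -S format
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -s fe80::/10 -p udp -m conntrack --ctstate NEW -m udp --dport 546 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | shadowed_tcp_accepts
```

On a live host the same function can be fed from `ip6tables -S INPUT` (as root) after loading the ruleset.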