Created
May 31, 2023 06:16
-
-
Save kiransubash/2fd1977e94bbfe123e153936c7fea34d to your computer and use it in GitHub Desktop.
Allow ICMP Packets IPTABLES
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # INBOUND ICMPv6 | |
| # Commented types are not needed; | |
| # those types that would be allowed for link-local only are commented as well | |
| # because link-local is allowed all traffic. | |
| # | |
| ip6tables -N ICMP6 | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 1 -j ACCEPT # Destination Unreachable | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 2 -j ACCEPT # Packet Too Big | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 3 -j ACCEPT # Time Exceeded | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 4 -j ACCEPT # Parameter Problem | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 128 -j ACCEPT # Echo Request | |
| #ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 133 -j ACCEPT # Router Solicitation | |
| #ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 134 -j ACCEPT # Router Advertisement | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 135 -j ACCEPT # Neighbor Solicitation | |
| ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 136 -j ACCEPT # Neighbor Advertisement | |
| #ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 141 -j ACCEPT # Inverse Neighbor Discovery Solicitation | |
| #ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 142 -j ACCEPT # Inverse Neighbor Discovery Advertisement | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 130 -j ACCEPT # Listener Query | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 131 -j ACCEPT # Listener Report | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 132 -j ACCEPT # Listener Done | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 143 -j ACCEPT # Listener Report v2 | |
| #ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 148 -j ACCEPT # Certificate Path Solicitation | |
| #ip6tables -A ICMP6 -p icmpv6 --icmpv6-type 149 -j ACCEPT # Certificate Path Advertisement | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 151 -j ACCEPT # Multicast Router Advertisement | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 152 -j ACCEPT # Multicast Router Solicitation | |
| #ip6tables -A ICMP6 -s fe80::/10 -p icmpv6 --icmpv6-type 153 -j ACCEPT # Multicast Router Termination | |
| # DROP everything else on chain ICMP6 | |
| ip6tables -A ICMP6 -p icmpv6 -j LOG --log-level 7 --log-prefix "[FW.IN drop ICMP6] " | |
| ip6tables -A ICMP6 -p icmpv6 -j DROP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment