@reox
Created July 14, 2014 20:36
ipv6 firewall script
#!/bin/sh
# Quick IPv6 host firewall. Run with --reset to flush the rules and open everything again.
if [ "$1" = "--reset" ]; then
    ip6tables -F INPUT
    ip6tables -F FORWARD
    ip6tables -F OUTPUT
    ip6tables -P INPUT ACCEPT
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD ACCEPT
else
    # Drop anything carrying a type-0 routing header (RH0, deprecated by RFC 5095):
    # it lets an attacker bounce a packet back and forth between two hosts
    # and amplify traffic on the path between them.
    ip6tables -A INPUT -m rt --rt-type 0 -j DROP
    ip6tables -A OUTPUT -m rt --rt-type 0 -j DROP
    ip6tables -A FORWARD -m rt --rt-type 0 -j DROP
    # Outbound traffic on the two uplinks is unrestricted
    ip6tables -A OUTPUT -o wlan0 -j ACCEPT
    ip6tables -A OUTPUT -o eth0 -j ACCEPT
    # Replies to connections this host opened (conntrack supersedes the old state match)
    ip6tables -A INPUT -i wlan0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Allow anything on the loopback interface
    ip6tables -A INPUT -i lo -j ACCEPT
    ip6tables -A OUTPUT -o lo -j ACCEPT
    # Allow link-local sources (Neighbor Discovery, router advertisements, DHCPv6)
    ip6tables -A INPUT -s fe80::/10 -j ACCEPT
    ip6tables -A OUTPUT -s fe80::/10 -j ACCEPT
    # Allow multicast (MLD and the solicited-node groups NDP relies on)
    ip6tables -A INPUT -d ff00::/8 -j ACCEPT
    ip6tables -A OUTPUT -d ff00::/8 -j ACCEPT
    # Allow all ICMPv6: unlike IPv4, filtering it breaks NDP and path MTU discovery
    ip6tables -A INPUT -p icmpv6 -j ACCEPT
    ip6tables -A OUTPUT -p icmpv6 -j ACCEPT
    # Reject every new inbound TCP connection (1:65535 is all ports, not only the
    # privileged ones). UDP and other protocols are not matched here and fall
    # through to the INPUT policy, which is still ACCEPT.
    ip6tables -A INPUT -p tcp --dport 1:65535 -j REJECT
fi
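A default-deny variant of the ruleset above, added here as an example and not part of reox's gist. It emits the rules in ip6tables-restore format so the whole table can be reviewed, syntax-checked with `--test`, and loaded atomically, and it closes the two gaps the original leaves open: the INPUT policy is DROP rather than ACCEPT, so UDP does not slip past the TCP-only reject, and ICMPv6 is restricted to the types a host actually needs instead of being accepted wholesale. The ICMPv6 type list, the DHCPv6 rule and the `SERVICE_TCP_PORTS` variable are assumptions about a typical host; adjust them for yours.

```shell
#!/bin/sh
# Added example, not the gist's own code: a default-deny IPv6 host firewall
# in ip6tables-restore format. The ICMPv6 type list and the DHCPv6 rule are
# assumptions about what a typical host needs; SERVICE_TCP_PORTS is a
# hypothetical knob for the listening services you intend to expose.
set -eu

# TCP ports to accept new connections on, e.g. SERVICE_TCP_PORTS="22 443".
SERVICE_TCP_PORTS="${SERVICE_TCP_PORTS:-}"

# ICMPv6 a host must not block (RFC 4890, section 4.4): 1-4 error messages
# (2 = Packet Too Big, needed for PMTUD), 128/129 echo, 130-132 + 143 MLD,
# 133-136 Neighbor Discovery (RS/RA/NS/NA).
ICMPV6_TYPES="1 2 3 4 128 129 130 131 132 133 134 135 136 143"

gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Type-0 routing headers (RH0) are deprecated by RFC 5095; drop in all chains.
-A INPUT -m rt --rt-type 0 -j DROP
-A FORWARD -m rt --rt-type 0 -j DROP
-A OUTPUT -m rt --rt-type 0 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# DHCPv6 replies arrive from the router's link-local address to port 546.
-A INPUT -s fe80::/10 -p udp --dport 546 -j ACCEPT
EOF
    # One rule per permitted ICMPv6 type; everything else ICMPv6 hits the DROP policy.
    for t in $ICMPV6_TYPES; do
        printf '%s\n' "-A INPUT -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
    # Explicitly exposed services; new connections only, replies come via conntrack.
    for p in $SERVICE_TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<'EOF'
# Refuse the rest explicitly so legitimate clients fail fast; the DROP
# policy still catches anything these two rules do not match.
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp6-port-unreachable
COMMIT
EOF
}

# Parse the ruleset without loading it (catches typos before they lock you out).
check_rules() {
    gen_rules | ip6tables-restore --test
}

# Load atomically: the whole filter table is replaced at once, no half-applied state.
apply_rules() {
    gen_rules | ip6tables-restore
}

# Print the ruleset by default; --check validates it, --apply loads it (needs root).
case "${1:-}" in
    --apply) apply_rules ;;
    --check) check_rules ;;
    *) gen_rules ;;
esac
```

Run it without arguments to inspect the generated table, `--check` to have ip6tables-restore validate it, and `--apply` to load it; `SERVICE_TCP_PORTS="22" ./fw.sh --apply` is the form you want on a remote host, since with an empty list the script rejects inbound SSH as well. Unlike the `-A` sequence above, a failed restore leaves the previous table untouched.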
reox commented Jul 14, 2014

quick and dirty... you probably want to make it better ;)
