Created
January 22, 2021 20:57
-
-
Save w1ndy/be979dfd94e7d7ec1bd438d72c42f37f to your computer and use it in GitHub Desktop.
Enable IPv6 passthrough with ebtables and prohibit unwanted incoming connections with iptables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| modprobe ip6table_mangle | |
| ebtables -t broute -A BROUTING -p ! ipv6 -j DROP -i eth2.2 | |
| brctl addif br0 eth2.2 | |
| echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables | |
| ip6tables -I FORWARD 1 -m physdev -m state --physdev-in eth2.2 --state NEW -j DROP | |
| ip6tables -I FORWARD 1 -m physdev -m state --physdev-in eth2.2 -p udp --dport 6881 --state NEW -j ACCEPT | |
| ip6tables -I FORWARD 1 -m physdev -m state --physdev-in eth2.2 -p tcp --dport 5000 --state NEW -j ACCEPT | |
| ip6tables -I FORWARD 1 -m physdev -m state --physdev-in eth2.2 -p tcp --dport 6443 --state NEW -j ACCEPT | |
| ip6tables -I FORWARD 1 -m physdev -m state --physdev-in eth2.2 -p tcp --dport 8096 --state NEW -j ACCEPT | |
| ip6tables -I FORWARD 1 -m physdev -m state --physdev-in eth2.2 -p tcp --dport 16881 --state NEW -j ACCEPT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment