IP6Table-Rules
# Generated by ip6tables-save v1.4.8 on Sun Nov 13 17:47:55 2011
*filter
:INPUT DROP [4018:321440]
:FORWARD DROP [6107:487980]
:OUTPUT ACCEPT [2868:232336]
:HEIPV6LOCAL - [0:0]
:LAN - [0:0]
:LAN2WAN - [0:0]
:LOGDROP - [0:0]
:SIXXSLOCAL - [0:0]
:WAN2LAN - [0:0]
:WAN2WAN - [0:0]
-A INPUT -d <enter /128 from sixxs> -i sixxs -j SIXXSLOCAL
-A INPUT -d <enter /128 from he> -i he-ipv6 -j HEIPV6LOCAL
-A INPUT -i eth0 -j LAN
-A INPUT -j LOGDROP
-A FORWARD -i sixxs -o he-ipv6 -m comment --comment "SixXS2He nok" -j WAN2WAN
-A FORWARD -i he-ipv6 -o sixxs -m comment --comment "He2SixXS nok" -j WAN2WAN
-A FORWARD -p ipv6-icmp -m comment --comment "ICMP ok" -j ACCEPT
-A FORWARD -i eth0 -o sixxs -j LAN2WAN
-A FORWARD -i eth0 -o he-ipv6 -j LAN2WAN
-A FORWARD -i sixxs -o eth0 -j WAN2LAN
-A FORWARD -i he-ipv6 -o eth0 -j WAN2LAN
-A FORWARD -j LOGDROP
-A HEIPV6LOCAL -p ipv6-icmp -m comment --comment "HE ICMP ok" -j ACCEPT
-A HEIPV6LOCAL -p tcp -m tcp --dport 22 -m comment --comment "HE SSH ok" -j ACCEPT
-A HEIPV6LOCAL -p tcp -m tcp --dport 80 -m comment --comment "HE HTTP ok" -j ACCEPT
-A HEIPV6LOCAL -p tcp -m tcp --dport 443 -m comment --comment "HE HTTPS ok" -j ACCEPT
-A HEIPV6LOCAL -m state --state RELATED,ESTABLISHED -m comment --comment "HE answers are ok" -j ACCEPT
-A LAN -p ipv6-icmp -m comment --comment "LAN ICMP ok" -j ACCEPT
-A LAN -m limit --limit 40/min --limit-burst 10 -j LOG --log-prefix "ip6tables: LAN "
-A LAN2WAN -p tcp -m tcp --dport 22 -m comment --comment "allow outgoing SSH" -j ACCEPT
-A LAN2WAN -p tcp -m tcp --dport 80 -m comment --comment "allow outgoing HTTP" -j ACCEPT
-A LAN2WAN -p tcp -m tcp --dport 443 -m comment --comment "allow outgoing HTTPS" -j ACCEPT
-A LAN2WAN -m limit --limit 40/min --limit-burst 10 -j LOG --log-prefix "ip6tables: LAN2WAN "
-A LOGDROP -p tcp -m limit --limit 40/min --limit-burst 10 -j LOG --log-prefix "ip6tables: LOGDROP TCP "
-A LOGDROP -p udp -m limit --limit 40/min --limit-burst 10 -j LOG --log-prefix "ip6tables: LOGDROP UDP "
-A LOGDROP -p ipv6-icmp -m limit --limit 40/min --limit-burst 10 -j LOG --log-prefix "ip6tables: LOGDROP ICMP "
-A SIXXSLOCAL -p ipv6-icmp -m comment --comment "SixXS ICMP ok" -j ACCEPT
-A SIXXSLOCAL -p tcp -m tcp --dport 22 -m comment --comment "SixXS SSH ok" -j ACCEPT
-A SIXXSLOCAL -p tcp -m tcp --dport 80 -m comment --comment "SixXS HTTP ok" -j ACCEPT
-A SIXXSLOCAL -p tcp -m tcp --dport 443 -m comment --comment "SixXS HTTPS ok" -j ACCEPT
-A SIXXSLOCAL -m state --state RELATED,ESTABLISHED -m comment --comment "SixXS answers are ok" -j ACCEPT
-A WAN2LAN -m state --state RELATED,ESTABLISHED -m comment --comment "answers are ok" -j ACCEPT
-A WAN2LAN -m limit --limit 40/min --limit-burst 10 -j LOG --log-prefix "ip6tables: WAN2LAN "
-A WAN2WAN -m comment --comment "no traffic between 2 WAN-interfaces" -j DROP
COMMIT