Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
linux:firewall6 [2008/11/28 10:13] greebo |
linux:firewall6 [2012/01/16 12:28] 109.230.216.60 qDfsmxVUvHHAUQTt |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | <code bash> | + | AFAICT you've coeevrd |
| - | # | + | |
| - | IPT6="/ | + | |
| - | PUBIF=" | + | |
| - | echo " | + | |
| - | $IPT6 -F | + | |
| - | $IPT6 -X | + | |
| - | $IPT6 -t mangle -F | + | |
| - | $IPT6 -t mangle -X | + | |
| - | + | ||
| - | # | + | |
| - | $IPT6 -A INPUT -i lo -j ACCEPT | + | |
| - | $IPT6 -A OUTPUT -o lo -j ACCEPT | + | |
| - | + | ||
| - | # DROP all incomming traffic | + | |
| - | $IPT6 -P INPUT DROP | + | |
| - | $IPT6 -P OUTPUT DROP | + | |
| - | $IPT6 -P FORWARD DROP | + | |
| - | + | ||
| - | # Allow full outgoing connection but no incomming stuff | + | |
| - | $IPT6 -A INPUT -m state --state ESTABLISHED, | + | |
| - | $IPT6 -A OUTPUT -m state --state NEW, | + | |
| - | + | ||
| - | # allow incoming ICMP ping pong stuff | + | |
| - | $IPT6 -A INPUT -p ipv6-icmp -j ACCEPT | + | |
| - | $IPT6 -A OUTPUT -p ipv6-icmp -j ACCEPT | + | |
| - | + | ||
| - | ############# | + | |
| - | $IPT6 -A INPUT -p tcp --destination-port 22 -j ACCEPT | + | |
| - | + | ||
| - | #### no need to edit below ### | + | |
| - | # log everything else | + | |
| - | $IPT6 -A INPUT -j LOG | + | |
| - | $IPT6 -A INPUT -j DROP | + | |
| - | + | ||
| - | ##ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request -j ACCEPT --match limit --limit 30/minute | + | |
| - | + | ||
