Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
linux:firewall6 [2009/07/03 08:49] greebo |
linux:firewall6 [2012/01/16 12:28] 109.230.216.60 qDfsmxVUvHHAUQTt |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | + | AFAICT you've coeevrd | |
- | <code bash |> | + | |
- | # | + | |
- | IPT6="/ | + | |
- | PUBIF=" | + | |
- | echo " | + | |
- | $IPT6 -F | + | |
- | $IPT6 -X | + | |
- | $IPT6 -t mangle -F | + | |
- | $IPT6 -t mangle -X | + | |
- | + | ||
- | # | + | |
- | $IPT6 -A INPUT -i lo -j ACCEPT | + | |
- | $IPT6 -A OUTPUT -o lo -j ACCEPT | + | |
- | + | ||
- | # DROP all incomming traffic | + | |
- | $IPT6 -P INPUT DROP | + | |
- | $IPT6 -P OUTPUT DROP | + | |
- | $IPT6 -P FORWARD DROP | + | |
- | + | ||
- | # Allow full outgoing connection but no incomming stuff | + | |
- | $IPT6 -A INPUT -m state --state ESTABLISHED, | + | |
- | $IPT6 -A OUTPUT -m state --state NEW, | + | |
- | + | ||
- | # allow incoming ICMP ping pong stuff | + | |
- | $IPT6 -A INPUT -p ipv6-icmp -j ACCEPT | + | |
- | $IPT6 -A OUTPUT -p ipv6-icmp -j ACCEPT | + | |
- | + | ||
- | ############# | + | |
- | $IPT6 -A INPUT -p tcp --destination-port 22 -j ACCEPT | + | |
- | + | ||
- | #### no need to edit below ### | + | |
- | # log everything else | + | |
- | $IPT6 -A INPUT -j LOG | + | |
- | $IPT6 -A INPUT -j DROP | + | |
- | + | ||
- | ##ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request -j ACCEPT --match limit --limit 30/minute | + | |
- | + | ||
- | </ | + |