Differences

This shows you the differences between two versions of the page.

--- linux:firewall6 [2012/01/17 21:51]
greebo old revision restored
+++ linux:firewall6 [2012/10/19 09:39] (current)
zagi
@@ Line 12: / Line 12: @@
 # path to ip6tables
-IP6T="/sbin/ip6tables"
+IP6TB="/sbin/ip6tables"
 # name of our Internet and intranet interfaces
@@ Line 74: / Line 74: @@
 # Allow localhost traffic. This rule is for all protocols.
 $IP6TB -A INPUT -s ::1 -d ::1 -j ACCEPT
+# Allow Link-Local addresses
+$IP6TB -A INPUT -s fe80::/10 -j ACCEPT
+$IP6TB -A OUTPUT -s fe80::/10 -j ACCEPT
 $IP6TB -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j ssh-access
@@ Line 118: / Line 122: @@
 # Allow but rate-limit echo request/reply
-$IP6TB -A INPUT -i $PUBIF -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT
+$IP6TB -A INPUT -i $INTERNET -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT
-$IP6TB -A INPUT -i $PUBIF -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT
+$IP6TB -A INPUT -i $INTERNET -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT
 # Allow router advertisements on local network segments
@@ Line 142: / Line 146: @@
 #reject
-$IP6TB -A INPUT -i $PUBIF -p tcp -m state --syn --state NEW -m multiport --dports 113,1080,3128,8080 -j REJECT
+$IP6TB -A INPUT -i $INTERNET -p tcp -m state --syn --state NEW -m multiport --dports 113,1080,3128,8080 -j REJECT
-$IP6TB -A INPUT -i $PUBIF -p udp -m multiport --dports  113 -j REJECT
+$IP6TB -A INPUT -i $INTERNET -p udp -m multiport --dports  113 -j REJECT
@@ Line 153: / Line 157: @@
 # OUTPUT
-$IP6TB -A OUTPUT -o $PUBIF -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT
+$IP6TB -A OUTPUT -o $INTERNET -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT
-$IP6TB -A OUTPUT -o $PUBIF -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT
+$IP6TB -A OUTPUT -o $INTERNET -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT
  for icmptype in 133 134 135 136 137