Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
linux:firewall6 [2012/01/17 21:51] greebo old revision restored |
linux:firewall6 [2012/04/20 14:32] greebo |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| # path to ip6tables | # path to ip6tables | ||
| - | IP6T="/ | + | IP6TB="/ |
| # name of our Internet and intranet interfaces | # name of our Internet and intranet interfaces | ||
| Line 118: | Line 118: | ||
| # Allow but rate-limit echo request/ | # Allow but rate-limit echo request/ | ||
| - | $IP6TB -A INPUT -i $PUBIF -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A INPUT -i $INTERNET |
| - | $IP6TB -A INPUT -i $PUBIF -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A INPUT -i $INTERNET |
| # Allow router advertisements on local network segments | # Allow router advertisements on local network segments | ||
| Line 142: | Line 142: | ||
| #reject | #reject | ||
| - | $IP6TB -A INPUT -i $PUBIF -p tcp -m state --syn --state NEW -m multiport --dports 113, | + | $IP6TB -A INPUT -i $INTERNET |
| - | $IP6TB -A INPUT -i $PUBIF -p udp -m multiport --dports | + | $IP6TB -A INPUT -i $INTERNET |
| Line 153: | Line 153: | ||
| # OUTPUT | # OUTPUT | ||
| - | $IP6TB -A OUTPUT -o $PUBIF -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A OUTPUT -o $INTERNET |
| - | $IP6TB -A OUTPUT -o $PUBIF -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A OUTPUT -o $INTERNET |
| for icmptype in 133 134 135 136 137 | for icmptype in 133 134 135 136 137 | ||
