This is an old revision of the document!
#!/bin/bash IPT6="/sbin/ip6tables" PUBIF="eth0" echo "Starting IPv6 firewall..." $IPT6 -F $IPT6 -X $IPT6 -t mangle -F $IPT6 -t mangle -X #unlimited $IPT6 -A INPUT -i lo -j ACCEPT $IPT6 -A OUTPUT -o lo -j ACCEPT # DROP all incomming traffic $IPT6 -P INPUT DROP $IPT6 -P OUTPUT DROP $IPT6 -P FORWARD DROP # Allow full outgoing connection but no incomming stuff $IPT6 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT6 -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # allow incoming ICMP ping pong stuff $IPT6 -A INPUT -p ipv6-icmp -j ACCEPT $IPT6 -A OUTPUT -p ipv6-icmp -j ACCEPT ##$IPT6 -A INPUT --protocol icmpv6 --icmpv6-type echo-request -j ACCEPT --match limit --limit 30/minute ############# add your custom rules below ############ $IPT6 -A INPUT -i $PUBIF -p tcp -m state --syn --state NEW --destination-port 22 -j ACCEPT #### no need to edit below ### # log everything else $IPT6 -A INPUT -j LOG $IPT6 -A INPUT -j DROP
