Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:firewall6 [2012/04/15 11:10] greebo |
linux:firewall6 [2012/10/19 09:39] (current) zagi |
||
|---|---|---|---|
| Line 74: | Line 74: | ||
| # Allow localhost traffic. This rule is for all protocols. | # Allow localhost traffic. This rule is for all protocols. | ||
| $IP6TB -A INPUT -s ::1 -d ::1 -j ACCEPT | $IP6TB -A INPUT -s ::1 -d ::1 -j ACCEPT | ||
| + | |||
| + | # Allow Link-Local addresses | ||
| + | $IP6TB -A INPUT -s fe80::/10 -j ACCEPT | ||
| + | $IP6TB -A OUTPUT -s fe80::/10 -j ACCEPT | ||
| $IP6TB -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j ssh-access | $IP6TB -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j ssh-access | ||
| Line 118: | Line 122: | ||
| # Allow but rate-limit echo request/ | # Allow but rate-limit echo request/ | ||
| - | $IP6TB -A INPUT -i $PUBIF -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A INPUT -i $INTERNET |
| - | $IP6TB -A INPUT -i $PUBIF -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A INPUT -i $INTERNET |
| # Allow router advertisements on local network segments | # Allow router advertisements on local network segments | ||
| Line 142: | Line 146: | ||
| #reject | #reject | ||
| - | $IP6TB -A INPUT -i $PUBIF -p tcp -m state --syn --state NEW -m multiport --dports 113, | + | $IP6TB -A INPUT -i $INTERNET |
| - | $IP6TB -A INPUT -i $PUBIF -p udp -m multiport --dports | + | $IP6TB -A INPUT -i $INTERNET |
| Line 153: | Line 157: | ||
| # OUTPUT | # OUTPUT | ||
| - | $IP6TB -A OUTPUT -o $PUBIF -p icmpv6 --icmpv6-type 128 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A OUTPUT -o $INTERNET |
| - | $IP6TB -A OUTPUT -o $PUBIF -p icmpv6 --icmpv6-type 129 -m limit --limit 900/min -j ACCEPT | + | $IP6TB -A OUTPUT -o $INTERNET |
| for icmptype in 133 134 135 136 137 | for icmptype in 133 134 135 136 137 | ||
