1) You must prohibit reserved external prefixes. Example: iptables -A INPUT -s 3dde::/16 -j DROP Among the reserved prefixes you will find: 2001:2::/48 (rfc 5156), 2001:10::/28 (rfc 4843), 2001:db8::/32 (rfc 3849)
2) If you want to release to the local link ips: iptables -A INPUT -s ff02::1 -j ACCEPT 3) Some ICMP messages can not be blocked because IPv6 works other than IPv4. Are they: 1, 2, 3, 4, 128, 129, 130, 131, 132, 133, 134, 135, 141, 142, 143, 148, 149, 151, 152, 153 Exemple: iptables -A INPUT -p icmpv6 --icmpv6-type 135 -d YOU -j ACCEPT To understand this see the rfc 4890 4) If you know nothing about IPv6 and are looking for information to use it, congratulations. This is the attitude we need to develop this protocol 2017-04-04 5:58 GMT-03:00 Jiangsu Kumquat <re...@mynetblog.com>: > I like this iptables script: > > http://pingie.debus.free.fr/iptables/index.php > > What I like about it is that it filters a lot of bad packets from getting > through and packets that are not supposed to be getting through the > firewall. > > I have it loading as soon as my Ethernet device comes online. > > What I want to know is if it will work okay using ip6tables? > > I know virtually nothing about IPv6 and am hesitant to put it online if it > did work. So, I would really appreciate it is someone would look it over > and tell me what you think about it. > > >
