Remembering that the correct command is ip6tables 2017-04-04 10:13 GMT-03:00 Gustavo Lima <ght...@gmail.com>:
> 1) You must prohibit reserved external prefixes. Example: iptables -A > INPUT -s 3dde::/16 -j DROP > Among the reserved prefixes you will find: 2001:2::/48 (rfc 5156), > 2001:10::/28 (rfc 4843), 2001:db8::/32 (rfc 3849) > > 2) If you want to release to the local link ips: iptables -A INPUT -s > ff02::1 -j ACCEPT > > 3) Some ICMP messages can not be blocked because IPv6 works other than > IPv4. Are they: 1, 2, 3, 4, 128, 129, 130, 131, 132, 133, 134, 135, 141, > 142, 143, 148, 149, 151, 152, 153 > Exemple: iptables -A INPUT -p icmpv6 --icmpv6-type 135 -d YOU -j ACCEPT > > To understand this see the rfc 4890 > > 4) If you know nothing about IPv6 and are looking for information to use > it, congratulations. This is the attitude we need to develop this protocol > > 2017-04-04 5:58 GMT-03:00 Jiangsu Kumquat <re...@mynetblog.com>: > >> I like this iptables script: >> >> http://pingie.debus.free.fr/iptables/index.php >> >> What I like about it is that it filters a lot of bad packets from getting >> through and packets that are not supposed to be getting through the >> firewall. >> >> I have it loading as soon as my Ethernet device comes online. >> >> What I want to know is if it will work okay using ip6tables? >> >> I know virtually nothing about IPv6 and am hesitant to put it online if >> it did work. So, I would really appreciate it is someone would look it over >> and tell me what you think about it. >> >> >> >
