You can also try Ferm[1] for both of the IP domains in a single configuration and load it automatic as systemd service in Debian[2]. I think is easier than maintaining a custom/autogenerated script, the rules depend on what you want to do and the role of your system.
[1] http://ferm.foo-projects.org/ [2] https://packages.debian.org/stable/ferm On 04/04/2017 04:18 PM, Gustavo Lima wrote: > Remembering that the correct command is ip6tables > > 2017-04-04 10:13 GMT-03:00 Gustavo Lima <ght...@gmail.com > <mailto:ght...@gmail.com>>: > > 1) You must prohibit reserved external prefixes. Example: iptables > -A INPUT -s 3dde::/16 -j DROP > Among the reserved prefixes you will find: 2001:2::/48 (rfc 5156), > 2001:10::/28 (rfc 4843), 2001:db8::/32 (rfc 3849) > > 2) If you want to release to the local link ips: iptables -A > INPUT -s ff02::1 -j ACCEPT > > 3) Some ICMP messages can not be blocked because IPv6 works other > than IPv4. Are they: 1, 2, 3, 4, 128, 129, 130, 131, 132, 133, > 134, 135, 141, 142, 143, 148, 149, 151, 152, 153 > Exemple: iptables -A INPUT -p icmpv6 --icmpv6-type 135 -d YOU -j > ACCEPT > > To understand this see the rfc 4890 > > 4) If you know nothing about IPv6 and are looking for information > to use it, congratulations. This is the attitude we need to > develop this protocol > > 2017-04-04 5:58 GMT-03:00 Jiangsu Kumquat <re...@mynetblog.com > <mailto:re...@mynetblog.com>>: > > I like this iptables script: > > http://pingie.debus.free.fr/iptables/index.php > <http://pingie.debus.free.fr/iptables/index.php> > > What I like about it is that it filters a lot of bad packets > from getting through and packets that are not supposed to be > getting through the firewall. > > I have it loading as soon as my Ethernet device comes online. > > What I want to know is if it will work okay using ip6tables? > > I know virtually nothing about IPv6 and am hesitant to put it > online if it did work. So, I would really appreciate it is > someone would look it over and tell me what you think about it. > > > > -- Thomas Kapoulas http://pebkac.gr
