ipv6 network fail (newbie alert)

David Magda dmagda at ee.ryerson.ca
Wed Mar 20 15:15:47 CET 2013


On Wed, March 20, 2013 03:48, Nick Edwards wrote:

> ok, so, it would be best to simply remove all icmp/icmp6 options,
> clear them all out, but then use :
> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
> blocking nothing else?

Instead of trying to figure things out from scratch, you may want to use
FreeBSD's rc.firewall as a template. It has a few different scenarios:

* open: passes all traffic.
* client: protects only this machine.
* simple: protects the whole network.
* closed: entirely disables IP traffic except for the loopback interface.

http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
http://svnweb.freebsd.org/base/head/etc/rc.firewall?revision=238416

You'll have to translate the rules into iptables syntax, but the comments
are fairly good, and the logic should be relatively straightforward.
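
A sketch of what a translated rule set could look like for the single-host ("client") case, added here as an illustration; it is not part of the message above and is not a transcription of rc.firewall. It keeps the core ICMPv6 types that RFC 4890 says must not be dropped (error messages, neighbour discovery, MLD; not the complete list) and drops echo-request as in the quoted command. The function names, the DRY_RUN switch and the selection of types are assumptions; the binary path is the one from the quoted message.

```shell
#!/bin/sh
# Added example: builds an ip6tables INPUT rule set for a single host.
# Assumptions: function names, DRY_RUN switch, choice of ICMPv6 types.
IP6T="${IP6T:-/usr/local/sbin/ip6tables}"   # path used in the quoted message
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print the commands only

rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IP6T $*"
    else
        "$IP6T" "$@"
    fi
}

icmp6_host_rules() {
    # Loopback and replies to connections this host opened.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Error messages: path MTU discovery fails without packet-too-big.
    for t in destination-unreachable packet-too-big time-exceeded parameter-problem; do
        rule -A INPUT -p icmpv6 --icmpv6-type "$t" -j ACCEPT
    done

    # Neighbour discovery (types 133-136), the IPv6 replacement for ARP.
    # Genuine on-link ND always arrives with hop limit 255.
    for t in router-solicitation router-advertisement neighbour-solicitation neighbour-advertisement; do
        rule -A INPUT -p icmpv6 --icmpv6-type "$t" -m hl --hl-eq 255 -j ACCEPT
    done

    # Multicast listener discovery (130-132, 143), link-local sources only.
    for t in 130 131 132 143; do
        rule -A INPUT -s fe80::/10 -p icmpv6 --icmpv6-type "$t" -j ACCEPT
    done

    # The one type the quoted command drops, then default deny.
    rule -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
    rule -P INPUT DROP
}

icmp6_host_rules
```

Services the host offers (SSH, for instance) need their own ACCEPT rules before the policy line.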




More information about the ipv6-ops mailing list