ipv6 network fail (newbie alert)
Nick Edwards
nick.z.edwards at gmail.com
Thu Mar 21 06:54:56 CET 2013
I must have missed something here, because with icmp., that freebsd
link shows what I'm doing now, and people here are saying not to
On 3/21/13, David Magda <dmagda at ee.ryerson.ca> wrote:
> On Wed, March 20, 2013 03:48, Nick Edwards wrote:
>
>> ok, so, it would be best to simply remove all icmp/icmp6 options,
>> clear them all out, but then use :
>> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request
> -j DROP
>> blocking nothing else?
>
> Instead of trying to figure things out from scratch, you may want to use
> FreeBSD's rc.firewall as a template. It has a few different scenarios:
>
> * open: passes all traffic.
> * client: protects only this machine.
> * simple: protects the whole network.
> * closed: entirely disables IP traffic except for the loopback interface.
>
> http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
> http://svnweb.freebsd.org/base/head/etc/rc.firewall?revision=238416
>
> You'll have to translate the rules into iptables syntax, but the comments
> are fairly good, and the logic should be relatively straight forward.
>
>
>
More information about the ipv6-ops
mailing list