ipv6 network fail (newbie alert)

Doug Barton dougb at dougbarton.us
Thu Mar 21 07:21:12 CET 2013


Look at the ipv6-icmp rules, not the icmp rules (which it should be 
obvious refer to ipv4).

Doug

On 03/20/2013 10:54 PM, Nick Edwards wrote:
> I must have missed something here, because with icmp, that FreeBSD
> link shows what I'm doing now, and people here are saying not to
>
>
> On 3/21/13, David Magda <dmagda at ee.ryerson.ca> wrote:
>> On Wed, March 20, 2013 03:48, Nick Edwards wrote:
>>
>>> ok, so, it would be best to simply remove all icmp/icmp6 options,
>>> clear them all out, but then use :
>>> /usr/local/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP
>>> blocking nothing else?
>>
>> Instead of trying to figure things out from scratch, you may want to use
>> FreeBSD's rc.firewall as a template. It has a few different scenarios:
>>
>> * open: passes all traffic.
>> * client: protects only this machine.
>> * simple: protects the whole network.
>> * closed: entirely disables IP traffic except for the loopback interface.
>>
>> http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
>> http://svnweb.freebsd.org/base/head/etc/rc.firewall?revision=238416
>>
>> You'll have to translate the rules into iptables syntax, but the comments
>> are fairly good, and the logic should be relatively straightforward.
>>
>>
>>
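
Added example, not part of any message in this thread: a shell function that prints ip6tables rules accepting the ICMPv6 types that error reporting, path MTU discovery and neighbor discovery depend on, ahead of the echo-request drop discussed above. The INPUT chain, the type list and the IP6T variable are assumptions for illustration, not a translation of rc.firewall.

```shell
#!/bin/sh
# Added example: print (not apply) ip6tables rules for ICMPv6.
# Assumptions: rules go in the INPUT chain; the type lists below are an
# illustrative selection, not copied from FreeBSD's rc.firewall.

# Binary to emit; set IP6T=/usr/local/sbin/ip6tables to match the thread.
IP6T="${IP6T:-ip6tables}"

# ICMPv6 error messages: 1 destination unreachable, 2 packet too big
# (path MTU discovery relies on it), 3 time exceeded, 4 parameter problem.
ERROR_TYPES="1 2 3 4"

# Neighbor discovery: 133 router solicitation, 134 router advertisement,
# 135 neighbor solicitation, 136 neighbor advertisement.
ND_TYPES="133 134 135 136"

icmp6_rules() {
    for t in $ERROR_TYPES; do
        echo "$IP6T -A INPUT -p icmpv6 --icmpv6-type $t -j ACCEPT"
    done
    # Genuine neighbor discovery packets arrive with hop limit 255,
    # so anything that crossed a router is not matched here.
    for t in $ND_TYPES; do
        echo "$IP6T -A INPUT -p icmpv6 --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # The rule from the thread: drop inbound echo-request (type 128).
    # It comes last so it cannot shadow the accepts above.
    echo "$IP6T -A INPUT -p icmpv6 --icmpv6-type 128 -j DROP"
}
```

Call `icmp6_rules` to review the generated rules; once they look right, `icmp6_rules | sh` as root loads them.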


