API tools faq
paste
Advertisement
casaper

ip6table

casaper
Jan 23rd, 2015
54
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.38 KB | None | 0 0
raw download clone embed print report
  1. @RT-AC66U-F080:/tmp/home/root$ cat /tmp/filter_rules_ipv6
  2. *filter
  3. :INPUT ACCEPT [0:0]
  4. :FORWARD ACCEPT [0:0]
  5. :OUTPUT ACCEPT [0:0]
  6. :PControls - [0:0]
  7. :logaccept - [0:0]
  8. :logdrop - [0:0]
  9. -A INPUT -m rt --rt-type 0 -j DROP
  10. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  11. -A INPUT -i lo -m state --state NEW -j ACCEPT
  12. -A INPUT -i br0 -m state --state NEW -j ACCEPT
  13. -A FORWARD -m rt --rt-type 0 -j DROP
  14. -A FORWARD -o eth0 ! -i br0 -j DROP
  15. -A FORWARD -m state --state INVALID -j DROP
  16. -A FORWARD -i br0 -o br0 -j ACCEPT
  17. -A FORWARD -p ipv6-nonxt -m length --length 40 -j ACCEPT
  18. -A FORWARD -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
  19. -A FORWARD -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
  20. -A FORWARD -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
  21. -A FORWARD -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
  22. -A FORWARD -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
  23. -A FORWARD -p ipv6-icmp --icmpv6-type 129 -j ACCEPT
  24. -A INPUT -p ipv6-nonxt -m length --length 40 -j ACCEPT
  25. -A INPUT -i br0 -j ACCEPT
  26. -A INPUT -i lo -j ACCEPT
  27. -A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
  28. -A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
  29. -A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
  30. -A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
  31. -A INPUT -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
  32. -A INPUT -p ipv6-icmp --icmpv6-type 129 -j ACCEPT
  33. -A INPUT -p ipv6-icmp --icmpv6-type 130 -j ACCEPT
  34. -A INPUT -p ipv6-icmp --icmpv6-type 131 -j ACCEPT
  35. -A INPUT -p ipv6-icmp --icmpv6-type 132 -j ACCEPT
  36. -A INPUT -p ipv6-icmp --icmpv6-type 133 -j ACCEPT
  37. -A INPUT -p ipv6-icmp --icmpv6-type 134 -j ACCEPT
  38. -A INPUT -p ipv6-icmp --icmpv6-type 135 -j ACCEPT
  39. -A INPUT -p ipv6-icmp --icmpv6-type 136 -j ACCEPT
  40. -A INPUT -p ipv6-icmp --icmpv6-type 141 -j ACCEPT
  41. -A INPUT -p ipv6-icmp --icmpv6-type 142 -j ACCEPT
  42. -A INPUT -p ipv6-icmp --icmpv6-type 143 -j ACCEPT
  43. -A INPUT -p ipv6-icmp --icmpv6-type 148 -j ACCEPT
  44. -A INPUT -p ipv6-icmp --icmpv6-type 149 -j ACCEPT
  45. -A INPUT -p ipv6-icmp --icmpv6-type 151 -j ACCEPT
  46. -A INPUT -p ipv6-icmp --icmpv6-type 152 -j ACCEPT
  47. -A INPUT -p ipv6-icmp --icmpv6-type 153 -j ACCEPT
  48. -A INPUT -j DROP
  49. -A OUTPUT -m rt --rt-type 0 -j DROP
  50. -A PControls -j ACCEPT
  51. -A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
  52. -A logaccept -j ACCEPT
  53. -A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
  54. -A logdrop -j DROP
  55. COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!