
Untitled

By: a guest on Apr 20th, 2012  |  syntax: None  |  size: 2.48 KB  |  hits: 11  |  expires: Never
  1. #!/bin/bash
  2.  
  3. # file: /etc/network/if-up.d/startipv6tunnel
  4.  
  5. ###  This script helps you to set up a SixXS 6in4 static IPv6 tunnel on Ubuntu / Debian.
  6. ###  As it is a if-up script, the tunnel will be started automatically on network startup
  7. ###   and may directly contain the associated IPv6 firewall rules.
  8. ###  (The script must be executable: chmod 750 /etc/network/if-up.d/startipv6tunnel ).
  9. ###  
  10. ###  Republished by Philipp Klaus in 2011 on <http://wp.me/p1fyOX-V1>
  11. ###  Originally published by Wolfgang Ninaus on <http://bit.ly/hdND7m>
  12.  
  13. # The IPv4 address of the SixXS PoP you're using
  14. SIXXS4="yyy.yyy.yy.73"
  15. EXTIP="yy.yy.yyy.yy9"
  16. TUNNELPREFIX="2001:15c0:xxxx:xxxx::"
  17. INTPREFIX="2001:15c0:xxxx:xxxx::"
  18. EXTERNALIF="eth0"
  19.  
  20. MYTUNNELIP="${TUNNELPREFIX}2"
  21. SIXXSTUNNELIP="${TUNNELPREFIX}1"
  22. MTU=1280
  23. IPTABLES="/sbin/iptables"
  24. IPT6="/sbin/ip6tables"
  25. IP6DEV="sixxs"
  26. ## ENABLING IPv6 Tunnel ##
  27.  
  28. $IPTABLES -A INPUT -p 41  -s $SIXXS4 -d $EXTIP -j ACCEPT
  29. $IPTABLES -A OUTPUT -p 41 -d $SIXXS4 -s $EXTIP -j ACCEPT
  30. $IPTABLES -A POSTROUTING -o $EXTERNALIF -t nat -d $SIXXS4 -p all -j SNAT --to-source $EXTIP
  31.  
  32. ## ENABLING IPv6 Tunnel ##
  33.  
  34. /sbin/ip tunnel add $IP6DEV mode sit local ${EXTIP} remote ${SIXXS4}
  35. /sbin/ip link set $IP6DEV up
  36.  
  37. /sbin/ip link set mtu ${MTU} dev $IP6DEV
  38. /sbin/ip tunnel change $IP6DEV ttl 64
  39. /sbin/ip -6 addr add ${MYTUNNELIP}/64 dev $IP6DEV
  40. /sbin/ip -6 ro add default via ${SIXXSTUNNELIP} dev $IP6DEV
  41.  
  42. echo "Starting IPv6 firewall..."
  43. $IPT6 -F
  44. $IPT6 -X
  45. $IPT6 -t mangle -F
  46. $IPT6 -t mangle -X
  47.  
  48. ## DROP all incomming traffic
  49. $IPT6 -P INPUT DROP
  50. $IPT6 -P OUTPUT DROP
  51. $IPT6 -P FORWARD DROP
  52.  
  53. #unlimited access to loopback
  54. $IPT6 -A INPUT -i lo -j ACCEPT
  55. $IPT6 -A OUTPUT -o lo -j ACCEPT
  56.  
  57. # Allow full outgoing connection but no incomming stuff
  58. $IPT6 -A INPUT -i $IP6DEV -m state --state ESTABLISHED,RELATED -j ACCEPT
  59. $IPT6 -A OUTPUT -o $IP6DEV -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  60.  
  61. # allow incoming ICMP ping pong stuff
  62. $IPT6 -A INPUT -i $IP6DEV -p ipv6-icmp -j ACCEPT
  63. $IPT6 -A OUTPUT -o $IP6DEV -p ipv6-icmp -j ACCEPT
  64.  
  65. ############## add your custom rules below ############
  66. #### open IPv6  port 80
  67. ##$IPT6 -A INPUT -i $IP6DEV -p tcp --destination-port 80 -j ACCEPT
  68. #### open IPv6  port 22
  69. ##$IPT6 -A INPUT -i $IP6DEV -p tcp --destination-port 22 -j ACCEPT
  70. #### open IPv6  port 25
  71. ##$IPT6 -A INPUT -i $IP6DEV -p tcp --destination-port 25 -j ACCEPT
  72. ############# End custom rules ################
  73. #
  74. ##### no need to edit below ###
  75. ## log everything else
  76. $IPT6 -A INPUT -i $IP6DEV -j LOG
  77. $IPT6 -A INPUT -i $IP6DEV -j DROP