*filter# Allow all loopback (lo0) traffic and reject traffic# to localhost

1. *filter
2.  
3. # Allow all loopback (lo0) traffic and reject traffic
4. # to localhost that does not originate from lo0.
5. -A INPUT -i lo -j ACCEPT
6. -A INPUT ! -i lo -s ::1/128 -j REJECT
7.  
8. # Allow ICMP
9. -A INPUT -p icmpv6 -j ACCEPT
10.  
11. # Allow HTTP and HTTPS connections from anywhere
12. # (the normal ports for web servers).
13. -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
14. -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
15.  
16. # Allow inbound traffic from established connections.
17. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
18.  
19. # Log what was incoming but denied (optional but useful).
20. -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables_INPUT_denied: " --log-level 7
21.  
22. # Reject all other inbound.
23. -A INPUT -j REJECT
24.  
25. # Log any traffic that was sent to you
26. # for forwarding (optional but useful).
27. -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ip6tables_FORWARD_denied: " --log-level 7
28.  
29. # Reject all traffic forwarding.
30. -A FORWARD -j REJECT
31.  
32. COMMIT