Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *filter
- # Allow all loopback (lo0) traffic and reject traffic
- # to localhost that does not originate from lo0.
- -A INPUT -i lo -j ACCEPT
- -A INPUT ! -i lo -s ::1/128 -j REJECT
- # Allow ICMP
- -A INPUT -p icmpv6 -j ACCEPT
- # Allow HTTP and HTTPS connections from anywhere
- # (the normal ports for web servers).
- -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
- -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
- # Allow inbound traffic from established connections.
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Log what was incoming but denied (optional but useful).
- -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables_INPUT_denied: " --log-level 7
- # Reject all other inbound.
- -A INPUT -j REJECT
- # Log any traffic that was sent to you
- # for forwarding (optional but useful).
- -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ip6tables_FORWARD_denied: " --log-level 7
- # Reject all traffic forwarding.
- -A FORWARD -j REJECT
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement