Changes

Raspberry Pi IPv6 firewall tester installation (view source)

Revision as of 17:12, 30 September 2012

18 bytes added , 17:12, 30 September 2012

no edit summary

Line 54: Line 54:

# pacman -S iptables

−

The following IPv6 firewall is a very simplistic example, only suitable for use in a trusted environment, where SLAAC IPv6 address allocation is in place. '''This example is not intended to be used for an internet-facing Raspberry Pi where you need to include extra packet checking related to traffic sources~~, ICMPv6 types~~, packet arrival rates, etc.'''

+

The following IPv6 firewall is a very simplistic example, only suitable for use in a trusted environment, where SLAAC IPv6 address allocation is in place. '''This example is not intended to be used for an internet-facing Raspberry Pi where you need to include extra packet checking related to traffic sources, packet arrival rates, etc.'''

*filter

Line 69: Line 69:

# Allow ping of this host to aid debug - comment out if not required

-A ICMP6FLTR -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT

+

# Filter ICMPv6 appropriately

-A ICMP6FLTR -m state -p ipv6-icmp --state ESTABLISHED,RELATED --icmpv6-type echo-reply -j ACCEPT

-A ICMP6FLTR -m state -p ipv6-icmp --state ESTABLISHED,RELATED --icmpv6-type destination-unreachable -j ACCEPT

Line 80: Line 81:

-A ICMP6FLTR -p ipv6-icmp --icmpv6-type router-advertisement -j ACCEPT

-A ICMP6FLTR -p ipv6-icmp --icmpv6-type router-solicitation -j ACCEPT

−

# Allow neighbour adv/sol so we can talk to our ~~neighbouts~~ (IPv6 ARP equivalent)

+

# Allow neighbour adv/sol so we can talk to our neighbours (IPv6 ARP equivalent)

-A ICMP6FLTR -p ipv6-icmp --icmpv6-type neighbour-advertisement -j ACCEPT

-A ICMP6FLTR -p ipv6-icmp --icmpv6-type neighbour-solicitation -j ACCEPT

Wikiadmin

Bureaucrats, Administrators

579

edits

Changes

Raspberry Pi IPv6 firewall tester installation (view source)

Revision as of 17:12, 30 September 2012

Navigation menu

Search