579
edits
Changes
Jump to navigation
Jump to search
Line 132:
Line 132: − + − + − + − + − 0 0 LOGINPUTDROP all * * ::/0 ::/0 rt type:0 segsleft:0 + − + − + − 2 208 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED+ − 1 104 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128+ − 116 19488 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 + − 0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133+ − 2 128 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136+ − 2 144 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 − 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:22 − 0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:80 − 0 0 LOGINPUTDROP all * * ::/0 ::/0 − + − + + + + + + + + + + + + + + + + + + + + + − 0 0 LOG all * * ::/0 ::/0 limit: avg 1/sec burst 20 LOG flags 7 level 4 prefix "IPV6_INPUT_DROP"+ − 0 0 DROP all * * ::/0 ::/0+ + −
Raspberry Pi IPv6 firewall tester installation (view source)
Revision as of 15:33, 31 December 2012
, 15:33, 31 December 2012no edit summary
Assuming your desired ruleset is stored in a file called simple_firewall6.rules then you can import the firewall rules using:
Assuming your desired ruleset is stored in a file called simple_firewall6.rules then you can import the firewall rules using:
# ip6tables-restore < simple_firewall6.rules
# '''ip6tables-restore < simple_firewall6.rules'''
You can view the active firewall rules, and determine the number of packets being processed by each rule using:
You can view the active firewall rules, and determine the number of packets being processed by each rule using:
# ip6tables -v -n -L
# '''ip6tables -v -n -L'''
Chain INPUT (policy DROP 0 packets, 0 bytes)
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
pkts bytes target prot opt in out source destination
0 0 ACCEPT all lo * ::/0 ::/0
0 0 ACCEPT all lo any anywhere anywhere
6 480 LOGIDROP all any any anywhere anywhere rt type:0 segsleft:0
0 0 LOGINPUTDROP all * * ::/0 ::/0 rt type:1 segsleft:0
0 0 LOGIDROP all any any anywhere anywhere rt type:1 segsleft:0
0 0 LOGINPUTDROP all * * ::/0 ::/0 rt type:2 segsleft:0
0 0 LOGIDROP all any any anywhere anywhere rt type:2 segsleft:0
94 14928 ICMP6FLTR ipv6-icmp any any anywhere anywhere
687 64315 ACCEPT all any any anywhere anywhere state RELATED,ESTABLISHED
24 1892 ACCEPT tcp any any anywhere anywhere tcp dpt:ssh
3 192 ACCEPT tcp any any anywhere anywhere tcp dpt:http
2002 130K LOGIDROP all any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 592 bytes)
Chain OUTPUT (policy ACCEPT 680 packets, 336K bytes)
pkts bytes target prot opt in out source destination
pkts bytes target prot opt in out source destination
Chain LOGINPUTDROP (4 references)
Chain ICMP6FLTR (1 references)
pkts bytes target prot opt in out source destination
1 176 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp echo-request
0 0 ACCEPT ipv6-icmp any any anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp echo-reply
0 0 ACCEPT ipv6-icmp any any anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp destination-unreachable
0 0 ACCEPT ipv6-icmp any any anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp packet-too-big
0 0 ACCEPT ipv6-icmp any any anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp unknown-header-type
0 0 ACCEPT ipv6-icmp any any anywhere anywhere state RELATED,ESTABLISHED ipv6-icmp unknown-option
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp ttl-zero-during-reassembly
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp bad-header
85 14280 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-advertisement HL match HL == 255
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
2 136 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 141 HL match HL == 255
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 142 HL match HL == 255
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 148 HL match HL == 255
0 0 ACCEPT ipv6-icmp any any anywhere anywhere ipv6-icmptype 149 HL match HL == 255
6 336 LOGIDROP all any any anywhere anywhere
Chain LOGIDROP (5 references)
pkts bytes target prot opt in out source destination
pkts bytes target prot opt in out source destination
12 784 LOG all any any anywhere anywhere limit: avg 20/min burst 10 LOG level warning tcp-sequence tcp-options ip-options prefix "IPV6_INPUT_DROP "
2014 131K DROP all any any anywhere anywhere
Once you're satisfied that the IPv6 firewall rules are performing correctly then they can be saved using the following command:
Once you're satisfied that the IPv6 firewall rules are performing correctly then they can be saved using the following command: