Article : ipv6_Firewall_withip6tables




local       ------          -----     IPv6
-----------| eth0 |--------| tun |-----------
lan         ------          -----     Broker


You have to use a kernel version > 2.6.20, because IPv6 state rules (-m state, i.e. connection tracking for IPv6) do not work in older kernel versions.
=> Don't use CentOS 5.x; when you are using CentOS or RedHat, use version 6.x instead!


*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:IPV6-INPUT - [0:0]
# Send all incoming and all forwarded traffic through one user-defined chain
[0:0] -A INPUT -j IPV6-INPUT
[0:0] -A FORWARD -j IPV6-INPUT
# Loopback and the internal LAN interface are trusted completely
[0:0] -A IPV6-INPUT -i lo -j ACCEPT
[0:0] -A IPV6-INPUT -i eth0 -j ACCEPT
# Uncomment to also accept all ICMPv6 (e.g. echo requests) arriving over the tunnel.
# ICMPv6 error messages that belong to a tracked connection (Packet Too Big etc.)
# are already accepted by the RELATED,ESTABLISHED rule below.
# [0:0] -A IPV6-INPUT -p ipv6-icmp -j ACCEPT
[0:0] -A IPV6-INPUT -p esp -j ACCEPT
[0:0] -A IPV6-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# The following line uses my internal LAN facing interface
[0:0] -A IPV6-INPUT -i eth0 -m state --state NEW -j ACCEPT
# Everything else, i.e. new connections coming in over the tunnel, is rejected
[0:0] -A IPV6-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
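To see what this ruleset actually decides before loading it on a box, here is an added example (not part of the original article) that parses the ip6tables-save text above and replays a few constructed sample packets through INPUT -> IPV6-INPUT with the kernel's first-match semantics. Only the matches the ruleset uses (-i, -p, -m state --state) are implemented; the interface name "tun" is taken from the diagram, and the "state" field of each sample packet stands for what conntrack would have assigned to it. The SAMPLE_PACKETS table and the parse_ruleset/verdict/evaluate_all helpers are assumptions of this example, not ip6tables APIs.

```python
"""Offline walk-through of an ip6tables-save ruleset (added example)."""
import shlex

# The article's ruleset, embedded so the script runs stand-alone.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:IPV6-INPUT - [0:0]
[0:0] -A INPUT -j IPV6-INPUT
[0:0] -A FORWARD -j IPV6-INPUT
[0:0] -A IPV6-INPUT -i lo -j ACCEPT
[0:0] -A IPV6-INPUT -i eth0 -j ACCEPT
# [0:0] -A IPV6-INPUT -p ipv6-icmp -j ACCEPT
[0:0] -A IPV6-INPUT -p esp -j ACCEPT
[0:0] -A IPV6-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A IPV6-INPUT -i eth0 -m state --state NEW -j ACCEPT
[0:0] -A IPV6-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
"""


def parse_ruleset(text):
    """Return (policies, chains): the default policy of every chain (None for
    user-defined chains) and the ordered list of rules per chain."""
    policies, chains = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line in ("*filter", "COMMIT"):
            continue                                   # comments, table header, COMMIT
        if line.startswith(":"):
            name, policy, _counters = line[1:].split()
            policies[name] = None if policy == "-" else policy
            chains[name] = []
            continue
        tokens = shlex.split(line)
        if tokens[0].startswith("["):                  # drop the [pkts:bytes] counter prefix
            tokens = tokens[1:]
        rule = {"in": None, "proto": None, "states": None, "target": None, "line": line}
        chain, i = None, 0
        while i < len(tokens):
            t = tokens[i]
            if t == "-A":
                chain = tokens[i + 1]
            elif t == "-i":
                rule["in"] = tokens[i + 1]
            elif t == "-p":
                rule["proto"] = tokens[i + 1]
            elif t == "--state":
                rule["states"] = set(tokens[i + 1].split(","))
            elif t == "-j":
                rule["target"] = tokens[i + 1]
            # "-m state", "--reject-with X" and anything else: skip option + argument
            i += 2
        chains[chain].append(rule)
    return policies, chains


def matches(rule, pkt):
    """A rule matches when every condition it specifies agrees with the packet."""
    return ((rule["in"] is None or rule["in"] == pkt["in"])
            and (rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["states"] is None or pkt["state"] in rule["states"]))


def verdict(chain, pkt, policies, chains):
    """First-match evaluation with jumps into user chains. Returns
    (verdict, deciding rule line) or None when a user chain falls through."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"], rule["line"]
        sub = verdict(rule["target"], pkt, policies, chains)   # jump, e.g. -j IPV6-INPUT
        if sub is not None:
            return sub
    policy = policies.get(chain)
    return (policy, f"policy of {chain}") if policy else None


# Constructed sample packets: interface, protocol and the conntrack state they would carry.
SAMPLE_PACKETS = {
    "lan_ssh_new":        {"in": "eth0", "proto": "tcp",       "state": "NEW"},
    "tunnel_ssh_new":     {"in": "tun",  "proto": "tcp",       "state": "NEW"},
    "tunnel_reply":       {"in": "tun",  "proto": "tcp",       "state": "ESTABLISHED"},
    "tunnel_esp":         {"in": "tun",  "proto": "esp",       "state": "NEW"},
    "tunnel_ping":        {"in": "tun",  "proto": "ipv6-icmp", "state": "NEW"},
    "tunnel_icmpv6_error": {"in": "tun", "proto": "ipv6-icmp", "state": "RELATED"},
    "loopback":           {"in": "lo",   "proto": "udp",       "state": "NEW"},
}


def evaluate_all(text=RULESET):
    """Map every sample packet name to (verdict, deciding rule) on the INPUT path."""
    policies, chains = parse_ruleset(text)
    return {name: verdict("INPUT", pkt, policies, chains)
            for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, (result, rule) in evaluate_all().items():
        print(f"{name:20s} -> {result:7s} by: {rule}")
```

Running it shows two things the raw listing hides: an ICMPv6 error message that refers to a tracked connection is already accepted as RELATED, so the commented-out ipv6-icmp rule only affects "fresh" ICMPv6 such as echo requests from the tunnel side, and the later "-i eth0 ... --state NEW" rule never decides anything because the earlier unconditional "-i eth0 -j ACCEPT" matches first.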