User Tools

Site Tools


Example rules for current dual-stack Firewall v2, where the correct place to put own rules allowing forwarding is the sub-chain 'forwarding_rule', part of the FORWARD chain structure:

# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
## Allow incoming SixXS IPv6 traffic from tunnel PoP in IPv4 firewall 
iptables -A input_wan -s -p 41 -j ACCEPT
# Filter all packets that have RH0 headers: (recommended rule)
ip6tables -I INPUT 2 -m rt --rt-type 0 -j DROP
ip6tables -I FORWARD 2 -m rt --rt-type 0 -j DROP
ip6tables -I OUTPUT 2 -m rt --rt-type 0 -j DROP
## Example: allow packects to port 113 to get forwarded
ip6tables -A forwarding_rule -p tcp --dport 113 -j ACCEPT
ip6tables -A forwarding_rule -p udp --dport 113 -j ACCEPT
docs/guide-user/firewall/netfilter-iptables/netfilter.ip6tables.example2.txt · Last modified: 2018/03/04 16:12 by bobafetthotmail