Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: IPv6 firewall - ip6tables  (Read 4690 times)

adiblol

  • Newbie
  • *
  • Posts: 6
    • View Profile
IPv6 firewall - ip6tables
« on: January 11, 2012, 07:03:16 AM »
Some of certification tests could cover IPv6 firewall. For example:

make HTTP server (preferably on non-default port -- if not can be harmful for production servers) reachable only from 2001:db8:1337:cafe::/64 (of course this is example netmask).

More complicated filters could be:
remote TCP port,
or even ip6tables-specific like
break connection after sending 16384 bytes (could be cheated with httpd, however)
quota

etc etc
...
Logged

nickbeee

  • tunneld
  • Jr. Member
  • **
  • Posts: 72
  • I do this just for fun.
    • View Profile
Re: IPv6 firewall - ip6tables
« Reply #1 on: January 11, 2012, 08:28:41 AM »
Quote from: adiblol on January 11, 2012, 07:03:16 AM
Some of certification tests could cover IPv6 firewall. For example:

make HTTP server (preferably on non-default port -- if not can be harmful for production servers) reachable only from 2001:db8:1337:cafe::/64 (of course this is example netmask).

Anything would need to be OS-neutral in my opinion. I did this for my test setup for the http and smtp servers by setting up an ipv6 access list on my router.
Logged
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.