• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

IPv6 firewall - ip6tables

Started by adiblol, January 11, 2012, 07:03:16 AM

Previous topic - Next topic

adiblol

Some of certification tests could cover IPv6 firewall. For example:

make HTTP server (preferably on non-default port -- if not can be harmful for production servers) reachable only from 2001:db8:1337:cafe::/64 (of course this is example netmask).

More complicated filters could be:
remote TCP port,
or even ip6tables-specific like
break connection after sending 16384 bytes (could be cheated with httpd, however)
quota

etc etc
...

nickbeee

Quote from: adiblol on January 11, 2012, 07:03:16 AM
Some of certification tests could cover IPv6 firewall. For example:

make HTTP server (preferably on non-default port -- if not can be harmful for production servers) reachable only from 2001:db8:1337:cafe::/64 (of course this is example netmask).

Anything would need to be OS-neutral in my opinion. I did this for my test setup for the http and smtp servers by setting up an ipv6 access list on my router.
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.