IPv6 Tables

Creating Firewall Rules with ip6tables

Conclusions and Outlook

In this article, I created a basic set of rules for an IPv6 firewall on which you can base a variety of additional rules specific to an environment.

Many rules apply to both worlds: IPv4 and IPv6. Although the basic configuration steps and the syntax in ip6tables for IPv6 remain similar to iptables for IPv4, you still need to consider some special cases in IPv6 that require individual handling – in particular, tunnel traffic and the ICMPv6 problem.

Even in a small environment, the ip6tables rules can become quite extensive. Thus, the question always arises as to whether the rules should be applied globally or to interfaces and subnets, or prefixes, or even individual hosts.

The more precisely you need the rules to filter your traffic, the more complex things become. One basic problem, which is not specific to IPv6, should be noted: A complex set of rules tends to give rise to administration errors. Sometimes less is more.

An aspect I have not addressed is the use of your own chains. It is usually desirable for the firewall to log what comes in and goes out and what was blocked. To do this, you create your own chains, which first log the packet and then follow up with an action, normally DROP or ACCEPT. Rules in the appropriate chains then reference these chains as their target, just as in iptables with IPv4.
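The log-then-act chains described above, as an added example that is not from the original article: a script that emits a ruleset in ip6tables-restore format. The chain names LOG_ACCEPT and LOG_DROP, the log prefixes, the rate limit, the SSH port, and the blanket ICMPv6 accept are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build an ip6tables-restore ruleset with user-defined
# chains that log a packet first and then apply the final action.

LOG_LIMIT="5/min"   # assumed rate limit so a packet flood cannot fill the log

# log_chain NAME TARGET: print the two rules of a log-then-act chain.
# LOG is a non-terminating target, so the packet continues to the next rule.
log_chain() {
    printf '%s\n' "-A $1 -m limit --limit $LOG_LIMIT -j LOG --log-prefix \"ip6 $2: \" --log-level 4"
    printf '%s\n' "-A $1 -j $2"
}

gen_ruleset() {
    # Built-in chains carry a policy; user-defined chains are declared with "-".
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_ACCEPT - [0:0]
:LOG_DROP - [0:0]
EOF
    log_chain LOG_ACCEPT ACCEPT
    log_chain LOG_DROP DROP
    # Rules in the built-in chains jump to the logging chains as their target.
    # Accepting all ICMPv6 is a simplification; a real ruleset filters by type.
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j LOG_ACCEPT
-A INPUT -j LOG_DROP
-A FORWARD -j LOG_DROP
COMMIT
EOF
}

# Print the ruleset only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--print" ]; then
    gen_ruleset
fi
```

Run the script with `--print` and pipe the output into `ip6tables-restore --test` to have the ruleset parsed without committing it.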

The Author

Eric Amberg has worked many years in the field of IT infrastructure as a trainer and consultant and has many years of project experience. His main focus is on networking topics. In his seminars, he places great emphasis on practical training. More information is available at http://www.atracon.de.
