Commit 340bfa5c authored by Théo - Le Filament

feat: enable IPv6

parent a2d8cd32
......@@ -5,13 +5,45 @@
:OUTPUT DROP [0:0]
:LOGGING - [0:0]
## INPUT chain
# Ne pas casser les connexions etablies
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Autoriser loopback
-A INPUT -i lo -j ACCEPT
# Autoriser les paquets ICMP v6
-A INPUT -p ipv6-icmp -j ACCEPT
# Autoriser le DHCPv6 sur le lien local uniquement
-A INPUT -m state --state NEW -m udp -p udp -s fe80::/10 --dport 546 -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
# Log incoming traffic blocked by IPTables
-A INPUT -j LOGGING
## OUTPUT chain
# Ne pas casser les connexions etablies
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Autoriser loopback
-A OUTPUT -o lo -j ACCEPT
# Accept all ICMP v6 packets
-A OUTPUT -p ipv6-icmp -j ACCEPT
# SSH
-A OUTPUT -p tcp -m tcp --dport 2222 -j ACCEPT
# WEB
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
# DNS
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
# NTP Out
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
# SMTP Postfix
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
# WhoIs
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
# DHCPv6
-A OUTPUT -p udp -m udp -s fe80::/10 --dport 547 -j ACCEPT
# GPG
-A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
# Log outgoing traffic blocked by IPTables
-A OUTPUT -j LOGGING
## LOGGING chain
......
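Review bot: The GPG rule near the end of the OUTPUT chain (`-A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT`) matches UDP, but HKP keyserver traffic on port 11371 runs over TCP, so with the `:OUTPUT DROP` policy key fetches would not match and would fall through to `-A OUTPUT -j LOGGING`; change it to `-p tcp -m tcp --dport 11371`. Two smaller points: the DHCPv6 INPUT rule uses `-m state --state NEW` while every other stateful rule in the file uses `-m conntrack --ctstate`, so using `-m conntrack --ctstate NEW` there would keep the ruleset consistent; and `-A INPUT -p ipv6-icmp -j ACCEPT` accepts every ICMPv6 type from any source, so consider matching on `--icmpv6-type` for the types the host needs (neighbor discovery, error messages) and rate-limiting echo requests. The comments in the added rules also mix French and English; picking one would make the file easier to audit.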