brielle/Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More IPv6 fixes

Browse Source
This commit is contained in:
bruns@2mbit.com 2009-08-23 22:43:56 +00:00
parent 8dcd3cfe42
commit ece001ddb5
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
options.default
View File

@ -70,6 +70,9 @@ IPV6BLOCKINCOMING=1
# Interface IPv6 comes in on (either tunnel or real network interface)
#IPV6INT=he-ipv6
# LAN interface for IPv6
#IPV6LAN=eth1
# Trusted IPv6 ranges
IPV6TRUSTED="::1"

8
rc.firewall
View File

@ -178,10 +178,10 @@ if [ $IPV6 ]; then
if [ $IPV6ROUTEDCLIENTBLOCK ]; then
$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IP6TABLES -A FORWARD -i $IPV6INT -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -p udp ! --dport 32768:65535 -j DROP
$IP6TABLES -A FORWARD -i $IPV6INT -p udp ! --dport 32768:65535 -j DROP
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -o $IPV6LAN -p tcp --syn -j DROP
$IP6TABLES -A INPUT -i $IPV6INT -o $IPV6LAN -p udp ! --dport 32768:65535 -j DROP
$IP6TABLES -A FORWARD -i $IPV6INT -o $IPV6LAN -p udp ! --dport 32768:65535 -j DROP
fi
echo -n "Adding allowed IPv6 port: "