[Firewall] Allowing ipv6 echo requests from a single source external address

Lonnie Abelbeck lists at lonnie.abelbeck.com
Mon Dec 12 15:00:48 CET 2011


Gombo,

I probably wasn't clear, but I was suggesting something like the following in your custom-rules file:
-----------------------------------------------------------------------------------------
# Put any custom (iptables) rules here down below:
##################################################
# Repeat for all required [IPV6 ADDRESS]
#
ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type echo-request -s [IPV6 ADDRESS] -j ACCEPT
#
ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
#
for icmpv6_type in 133 134 135 136; do
  ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type $icmpv6_type -m hl --hl-eq 255 -s [IPV6 ADDRESS] -j ACCEPT
done
-----------------------------------------------------------------------------------------

The problem will be finding all the [IPV6 ADDRESS] values necessary.

Lonnie



On Dec 12, 2011, at 1:56 AM, Gombo wrote:

> Good day and thank you Lonnie.
> 
> On Sun, 11 Dec 2011 18:15:04 -0600
> Lonnie Abelbeck <lists at lonnie.abelbeck.com> wrote:
> 
>> Gombo,
>> 
>> Post your "custom-rules" file here if you want to pursue this further.
>> 
>> You may have to use "INPUT_CHAIN" instead of "INPUT" to get the rule ordering acceptable.
>> 
> 
> Done, still no joy.
> 
> My custom rules below:
> -----------------------------------------------------------------------------------------
> # Put any custom (iptables) rules here down below:
> ##################################################
> #
> ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type echo-request -s [IPV6 ADDRESS] -j ACCEPT
> #
> ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
> #
> -----------------------------------------------------------------------------------------
> 
>> Did I mention you could leave OPEN_ICMPV6="1"  :-)
>> 
>> ... 
> 
> I may have to (or close it altogether) if I can't get it to work as I'd like.
> 
> Thanks again.
> 
> -- 
> Gombo
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 
> 
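
An added example, not part of the original thread: a dry-run generator that prints the rules suggested in the message above for every source in a list, so the full set can be reviewed before it goes into custom-rules. The function names and the sample addresses (documentation prefix 2001:db8::/32 plus one sample link-local address) are assumptions.

```shell
#!/bin/sh
# Added example: prints the ip6tables commands from the message above for a
# list of source addresses. Nothing is applied; the output is for review.

# Constructed sample sources. Neighbor discovery commonly arrives from
# link-local (fe80::/10) addresses, so one is included in the sample.
ALLOWED_SOURCES="2001:db8:10::5 2001:db8:20::/64 fe80::1"

# Loose syntax check: hex digits and colons, at least one colon, optional
# /prefix of 0-128. It rejects shell metacharacters, not every bad address.
valid_ipv6_source() {
  addr=${1%%/*}
  case $addr in
    ''|*[!0-9A-Fa-f:]*) return 1 ;;
    *:*) ;;
    *) return 1 ;;
  esac
  case $1 in
    */*)
      plen=${1#*/}
      case $plen in ''|*[!0-9]*) return 1 ;; esac
      [ "$plen" -le 128 ] || return 1
      ;;
  esac
  return 0
}

# Validate every source first, then emit one echo-request rule and four ND
# rules (types 133-136, hop limit 255) per source and one echo-reply rule.
emit_icmpv6_rules() {
  for src in "$@"; do
    valid_ipv6_source "$src" || { echo "invalid source: $src" >&2; return 1; }
  done
  for src in "$@"; do
    echo "ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type echo-request -s $src -j ACCEPT"
    for icmpv6_type in 133 134 135 136; do
      echo "ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type $icmpv6_type -m hl --hl-eq 255 -s $src -j ACCEPT"
    done
  done
  echo "ip6tables -A INPUT_CHAIN -p icmpv6 --icmpv6-type echo-reply -j ACCEPT"
}

# Word splitting of the list is intended here.
emit_icmpv6_rules $ALLOWED_SOURCES
```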


