Example rules for current dual-stack Firewall v2, where the correct place to put own rules allowing forwarding is the sub-chain 'forwarding_rule', part of the FORWARD chain structure:
# Put your custom iptables rules here, they will # be executed with each firewall (re-)start. ## Allow incoming SixXS IPv6 traffic from tunnel PoP in IPv4 firewall iptables -A input_wan -s 62.78.96.38 -p 41 -j ACCEPT # Filter all packets that have RH0 headers: (recommended rule) ip6tables -I INPUT 2 -m rt --rt-type 0 -j DROP ip6tables -I FORWARD 2 -m rt --rt-type 0 -j DROP ip6tables -I OUTPUT 2 -m rt --rt-type 0 -j DROP ## Example: allow packects to port 113 to get forwarded ip6tables -A forwarding_rule -p tcp --dport 113 -j ACCEPT ip6tables -A forwarding_rule -p udp --dport 113 -j ACCEPT
doc/howto/netfilter/netfilter.ip6tables.example2.txt · Last modified: 2011/07/15 12:47 by silversurfer
This text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.