Example rules for the current dual-stack Firewall v2. Custom rules that allow forwarding belong in the sub-chain 'forwarding_rule', which is part of the FORWARD chain structure:

# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
 
## Allow incoming SixXS IPv6 traffic from tunnel PoP in IPv4 firewall 
iptables -A input_wan -s 62.78.96.38 -p 41 -j ACCEPT
 
# Filter all packets that have RH0 headers: (recommended rule)
ip6tables -I INPUT 2 -m rt --rt-type 0 -j DROP
ip6tables -I FORWARD 2 -m rt --rt-type 0 -j DROP
ip6tables -I OUTPUT 2 -m rt --rt-type 0 -j DROP
 
## Example: allow packets to port 113 to be forwarded
ip6tables -A forwarding_rule -p tcp --dport 113 -j ACCEPT
ip6tables -A forwarding_rule -p udp --dport 113 -j ACCEPT
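
To confirm after a firewall (re-)start that the RH0 drop rules above are loaded, and at which position in each chain, the following added example (not part of the original page) audits a rule listing in `ip6tables -S` format. The function names and the sample listing are constructed for illustration; the sample is not real router output.

```shell
#!/bin/sh
# Added example: audit a rule listing for the RH0 drop rules from the page.
# Assumed input format: `ip6tables -S` (one "-A CHAIN ..." line per rule).

# Constructed sample listing; OUTPUT deliberately lacks the RH0 rule.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N forwarding_rule
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -i lo -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m rt --rt-type 0 -j DROP
-A FORWARD -j forwarding_rule
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A forwarding_rule -p tcp -m tcp --dport 113 -j ACCEPT'

# Print the 1-based position of the first RH0 DROP rule in chain $1,
# or 0 when the chain has none. Reads the rule listing on stdin.
rh0_position() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            # Match a non-negated routing-header type 0 rule that drops.
            if (!pos && $0 ~ /-m rt / && $0 ~ /--rt-type 0( |$)/ &&
                $0 !~ /! --rt-type/ && $0 ~ /-j DROP( |$)/)
                pos = n
        }
        END { print pos + 0 }
    '
}

# Print the built-in chains (space separated) that have no RH0 DROP rule.
# $1 is the complete rule listing as one string.
missing_rh0_chains() {
    rules=$1
    missing=""
    for chain in INPUT FORWARD OUTPUT; do
        pos=$(printf '%s\n' "$rules" | rh0_position "$chain")
        [ "$pos" -gt 0 ] || missing="$missing $chain"
    done
    printf '%s\n' "${missing# }"   # strip the leading space
}

# Demo on the constructed sample; on a router pass "$(ip6tables -S)" instead.
echo "chains without RH0 drop: $(missing_rh0_chains "$SAMPLE_RULES")"
```

An empty result means all three chains carry the rule; `rh0_position` shows whether it still sits at position 2, as inserted by the rules above.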


doc/howto/netfilter/netfilter.ip6tables.example2.txt · Last modified: 2011/07/15 12:47 by silversurfer