Questions tagged [ip6tables]
The ip6tables tag has no summary.
41 questions
0 votes
1 answer
237 views
Dual stack Wireguard and iptables
I have set up a dual stack ip4&ipv6 with NAT wireguard on ubuntu 22. I connect to VPN via ipv4 endpoint. Everything is fine - 2 addresses work simultaneously. However, when I decided to close ...
0 votes
1 answer
106 views
iptables adding localhost once adds the rule twice
I am trying to whitelist memcached port 11211 on ipv4 with iptables v1.8.4: iptables -A INPUT -p tcp --dport 11211 -s localhost -j ACCEPT; Whenever I run that command, then listing the rules, that ...
-1 votes
1 answer
292 views
How do I stop docker from modifying my ip6tables?
I have to use docker for some program but I also manage my local network with ip(6)tables manually. I don't want docker to interfere and mess things up so I set "iptables: false in /etc/docker/...
0 votes
2 answers
160 views
Is there a way to bypass iptables/ip6tables rules for localhost traffic?
I have a firewall mechanism based on iptables/ip6tables that allows its users to block or accept traffic from hosts, by adding rules at the top of iptables/ip6tables. I would like all traffic ...
0 votes
1 answer
1k views
Dhcpcd not assigning IPV6 address to LAN Interface
I am trying to use Raspberry Pi Zero 2 W as an IPV6 router having a debian based os. I have a usb wifi adapter (Interface Wlan1 ) facing wan . The inbuilt wifi (Wlan0) is facing LAN with hostapd ...
-1 votes
2 answers
89 views
Does ip6tables support tcp-flags?
I have below command ip6tables -A INPUT -m ipv6header --header hop,dst,route,frag,auth,esp,none,prot --tcp-flags ACK SYN But getting error as ip6tables v1.8.4 (legacy): unknown option "--tcp-...
0 votes
1 answer
149 views
Can we determine from email headers that these two IP6 addresses came from the same person?
I'm trying to determine whether the emails came from the same office or person, but lack the in-depth knowledge of IP6 and understanding of the meaning of the same "subnet prefix". From the ...
1 vote
1 answer
95 views
ip6tables state does not allow http connection outside LAN
I have a Debian 11 machine acting as a router (machine A) for IPv6 with WAN (bond0) and LAN (bond1) interface and another Debian 11 machine (machine B) connected to its LAN interface. This setup works ...
0 votes
0 answers
517 views
How to properly define ip6tables rule in ansible
On current system I have this rule for ip6tables -A INPUT -d <ip6address> -p udp -m udp --dport <port> -m state --state NEW -j ACCEPT For new system I wrote an ansible playbook: - name: ...
0 votes
2 answers
772 views
Network Security: Hardening IPv6 on Ubuntu Server?
I am familiar with hardening IPv4 on Ubuntu server, but when I use the same rules for IPv6 with ip6tables, the IPv6 connectivity is lost resulting in Destination unreachable: Address unreachable ...
0 votes
1 answer
370 views
Disable outgoing IPv6 for specific users on linux
I would like to block outgoing IPv6 connections for specific users on linux machine. I don't want to disable IPv6 for whole system. How can I do it? I can do it using ip6tables and rejecting OUTPUT ...
0 votes
1 answer
4k views
ufw route allow in on wg0 out on wg0 to 10.0.0.6/32
I use a WireGuard VPN to reversely connect to my home server via an external entry node. On that entry node, I try to add a firewall rule using ufw. Its purpose is to only allow routing to one and ...
1 vote
1 answer
7k views
ipv6 and iptables - setting up basic rules
I have come to realise my IPv6 ports are not going through iptables, and thus are accessible for attacks. I haven't seen any yet, but I'm sure it's only a matter of time. As such, I'm trying to shore ...
2 votes
2 answers
3k views
Working example of IPv6 NPTv6 ip6tables routing with dynamic WAN address (/128 and /56) to LAN
I am currently using iptables for my home lab router and would like to add IPv6. I have 2 ISPs. My first ISP assigns a /128 to the interface and the ability to request /56. ISP1 is connected to eno1. ...
0 votes
1 answer
790 views
Routing ipv6 traffic from LAN to wg0
I have ipv6 connectivity over wg0 (a WireGuard interface), and my LAN has a local ipv6 network. From a desktop (Ubuntu 20.04.1) connected to the router (Ubuntu 20.04.1) with the LAN and wg0 (WireGuard)...
1 vote
0 answers
523 views
IPv6 packets not reaching FORWARD table
I have 2 systems A and B linked together using a Strongswan IPv4 IKEv2 VPN. A client (C) connected to A can access the public IPv4 internet via B using the VPN. I am trying to enable C to access the ...
0 votes
0 answers
49 views
Separate ip6tables xt_recent
Is it possible to create separate iptables and ip6tables xt_recent? Like how hashlimit is separated to ipt_hashlimit and ip6t_hashlimit. So maybe like xt_recent and x6t_recent.
0 votes
1 answer
71 views
ip6tables block thunderbird email [closed]
The following ip6tables block thunderbird from retrieving email from my gmail account: sudo ip6tables -P FORWARD DROP sudo ip6tables -P INPUT DROP sudo ip6tables -P OUTPUT DROP sudo ip6tables -A ...
0 votes
1 answer
517 views
ip6tables issue on CentOS 6.10 OpenVZ server: cannot unload modules
Hello friends at Serverfault! I'm having a weird issue with my CentOS 6.10 OpenVZ server (using Virtualizor), as I have enabled IPv6 support. This server has basically exactly the same setup as three ...
0 votes
1 answer
414 views
How to block incoming ESP traffic with ip6tables
I would like to test my firewall configuration when IPsec traffic is received in my host and I also would like to know how to handle it (drop it at first). For testing reasons, I have deployed two ...
3 votes
1 answer
189 views
Can I filter based on a ICMPv6 subtype?
I'm trying to filter out specific ICMPv6 packets and I tried looking at all the possible types options by using the following command: ip6tables -p icmpv6 -h This yields the following types (note the ...
0 votes
2 answers
5k views
ip6tables is not masquerading source address
The following are my ip6tables rules: # ip6tables -t nat -L -v Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination ...
1 vote
0 answers
112 views
Mirror udp traffic for IPv6
I have four Virtual Machines: A, B, C, D. Machines connected by the following way through the Internal Network of Virtual Box A <-> C, B <-> C, D <-> C Machine C - central node ...
1 vote
1 answer
886 views
Linux ip6_tables xt_percpu_counter_free (err 0)
Today I wanted to install a new server instance with ansible and our existent playbooks. The base system is a Debian 9.4. The firewall role failed, but I do not think that it is an ansible or role ...
0 votes
1 answer
2k views
OpenVPN ipv6 working fine until i load ip6table rules
I'm running OpenVPN 2.4.0 on Ubuntu 17.04. This setup is working fine and already described here https://serverfault.com/q/887243. The issue comes when I try to load ip6tables rules through the ...
0 votes
1 answer
445 views
ICMPv6 restrictive firewall: losing connectivity over time
The problem: Losing IPv6 connectivity to a remote IP after certain time period without establishing a connection to the remote IP. My setup: I'm running a server with ip6tables firewall that filters ...
0 votes
1 answer
93 views
Firewall rule with default policies is not working
I have made a firewall rule bash script as: #!/bin/bash iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP ip6tables -P INPUT DROP ip6tables -P FORWARD ...
2 votes
1 answer
4k views
What wrong with snat in nftables?
I have two virtual machines (server, client) with wireguard vpn. When I try to ping any IPv6 resource from the client, packets don't return to the client. Tcpdump shows me ICMP Reply packets in enp0s3 interface ...
0 votes
1 answer
501 views
ip6tables rule to allow unrecognized next-header
I have a compliance test that is requiring my node to respond to unrecognized next-headers per RFC 2460. I am running a debian 3.16 kernel. My current firewall implementation is dropping these frames ...
0 votes
0 answers
580 views
Ip6tables centos 7 rule not working
The following rules were working for ipv4 addresses in iptables but using the same rules in ip6tables is not working. Currently all ipv6 addresses are being blocked. This rule set should allow https ...
0 votes
1 answer
3k views
Disable ICMPv6 Destination Unreachable replies
iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP The above command works for IPv4, what should be the command for IPv6 to drop the ICMPv6 destination-unreachable packets. I have ...
3 votes
1 answer
2k views
ip6tables blocking outgoing+incoming connections
I just changed to a server with ipv6 and therefore I changed my firewall script. Changing my iptables-script to ip6tables does not seem to work though. This is the ipv6 part which neither allows ...
-1 votes
1 answer
717 views
Best way to forward whole ipv6 /64 subnet range to single address (on Linux, obv)? [duplicate]
I want to forward incoming connections to any address within an assigned ipv6 /64 subnet on a VPS. Obviously I can't add a billion individual address to the interface, but perhaps I could use a bogus ...
1 vote
1 answer
7k views
Rule to allow port 80 using IPV6
My server: 64 bit Ubuntu 12.04.4 LTS. Provider: Linode.com. No other firewall is present. I've these rules: *filter # Allow localhost traffic. This rule is for all protocols. -A INPUT -s ::1 -d ::...
0 votes
1 answer
423 views
ip6tables forward chain filters all ports
Trying the following on a centos 6 node (running openvz kernel) ip6tables -F ip6tables -X ip6tables -P FORWARD DROP ip6tables -A FORWARD -p tcp -m multiport --dports 21,22,80,443 -j ACCEPT ip6tables -...
0 votes
1 answer
2k views
ip6tables port dropping and defaults
On CentOS 6, ip6tables is literally giving a nightmare on this machine. Having ip6tables -P INPUT ACCEPT ip6tables -P OUTPUT ACCEPT ip6tables -P FORWARD ACCEPT with ip6tables -A INPUT -p tcp -m ...
-1 votes
1 answer
1k views
ruleset iptables- user defined chains [closed]
I am very new in iptables. Learning to use them. I got a hang of some basic commands from https://help.ubuntu.com/community/IptablesHowTo. However, I didn't find good explanations of examples of a ...
0 votes
0 answers
124 views
Using ip6tables with range
I'm trying to ban an ip range with ip6tables. I'm adding this line to /etc/sysconfig/ip6tables -A INPUT -s ::ffff:58.26.318.213 -j DROP But I want to ban everything that starts with 58.26 so that it ...
0 votes
1 answer
270 views
IP6Tables: How to enable external access to MySQL?
How to enable external access to MySQL with rules on ip6tables? I have tried the rules below, where after inserted I get access, but when the server restarts the access remains blocked. :INPUT DROP [2:...
-2 votes
1 answer
86 views
port forward in INPUT level
I want to change the destination port of the ipv6 packet in the INPUT level. So I tried to use ip6tables with nat in the INPUT level but seems this command does not work # ip6tables -t nat -I INPUT ...
0 votes
2 answers
6k views
Differences between iptables and ip6tables processing of packets
I've reviewed a variety of netfilter, iptables, and ip6tables resources. I've searched Google, including StackExchange websites for information, and, I can't find easy or clear links to information ...