Skip to content

Instantly share code, notes, and snippets.

@awsvpc

awsvpc/ipv6_ip6tables_default.bash

Forked from kerus1024/ipv6_ip6tables_default.bash
Created May 3, 2025 03:59
Show Gist options
  • Save awsvpc/7d6c07bd98d0833e15438e347bdeea9e to your computer and use it in GitHub Desktop.
Save awsvpc/7d6c07bd98d0833e15438e347bdeea9e to your computer and use it in GitHub Desktop.
Download ZIP
IPv6 iptables
Raw
ipv6_ip6tables_default.bash
ip6tables --policy INPUT DROP;
ip6tables --policy OUTPUT ACCEPT;
ip6tables --policy FORWARD DROP;
ip6tables -Z;
ip6tables -F;
ip6tables -X;
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -t nat -X
ip6tables -t mangle -F
ip6tables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
# Response for unix traceroute
ip6tables -A INPUT -p udp --dport 33434:33523 -j REJECT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment