Examples of IPv6 Iptables Rules
1. Allow incoming SSH traffic from a specific IPv6 address:
sudo ip6tables -A INPUT -s 2001:0db8:85a3:0000:0000:8a2e:0370:7334 -p tcp --dport 22 -j ACCEPT
This rule allows a particular user or system to reach the server over SSH from one specific IPv6 address. The -A flag appends the rule to the end of the INPUT chain, so it is evaluated after every rule that is already there. Note that an appended rule does not override earlier rules: netfilter walks the chain in order and the first rule that matches with a terminating target (ACCEPT, DROP, REJECT) decides the packet's fate, so if an earlier rule already drops traffic from this address, the new ACCEPT is never reached. Use -I INPUT (insert at position 1) when a rule must take precedence over existing ones.
2. Block all incoming traffic from a specific IPv6 address:
sudo ip6tables -A INPUT -s 2001:0db8:85a3:0000:0000:8a2e:0370:7334 -j DROP
This rule is typically used to block a specific user or system from reaching this host from a given IPv6 address. Because it is appended with -A, it only affects packets that no earlier rule has already accepted or dropped. In this case rule 1 was added first for the same address, so SSH from it is still accepted: the ACCEPT for port 22 matches before this DROP is ever consulted, and only the remaining traffic from that address is dropped. Source-address filtering is also only as strong as the source address itself; it stops a misbehaving host, not an attacker who can spoof addresses on the local link.
The listing below (as produced by `sudo ip6tables -L INPUT -n --line-numbers`) shows the newly added rules at the end of the chain.
3. Allow all incoming traffic from a specific IPv6 network range (every address whose first 48 bits match the prefix):
sudo ip6tables -A INPUT -s 2001:0db8:85a3::/48 -j ACCEPT
4. Block all incoming traffic on a specific port:
sudo ip6tables -A INPUT -p tcp --dport 80 -j DROP
The image below shows the added rule, which drops all incoming TCP traffic on port 80. Since this rule has no -s match it applies to every source address; with a default INPUT policy of DROP it is redundant, but with a default policy of ACCEPT it is the only thing closing the port.
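As an added example (not code from the original article), the script below combines the four rules above into one complete ruleset in ip6tables-restore format, in an order that works given that the first matching rule wins. It also adds the pieces a real IPv6 host needs before any DROP rule: loopback, established connections and ICMPv6, which carries neighbour discovery and path-MTU discovery. The addresses are the article's 2001:db8:85a3:: examples; the blocked host 2001:db8:85a3:1::bad and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article: build an ip6tables ruleset
# as text and check its rule order before loading it with ip6tables-restore.

ADMIN_HOST="2001:db8:85a3::8a2e:370:7334"   # the article's single host (short form)
TRUSTED_NET="2001:db8:85a3::/48"            # the article's network range
BLOCKED_HOST="2001:db8:85a3:1::bad"         # assumed: one bad host inside that /48

# Print the ruleset. Apply with:  write_ruleset | sudo ip6tables-restore
write_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and already-established flows first: they match most packets
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMPv6 is not optional on IPv6: neighbour discovery and PMTU rely on it
-A INPUT -p ipv6-icmp -j ACCEPT
# rule 1: SSH from the admin host
-A INPUT -s $ADMIN_HOST -p tcp --dport 22 -j ACCEPT
# rule 2: a single blocked host; it MUST come before the /48 ACCEPT below,
# otherwise the broader ACCEPT matches first and this DROP is never reached
-A INPUT -s $BLOCKED_HOST -j DROP
# rule 3: everything else from the trusted range
-A INPUT -s $TRUSTED_NET -j ACCEPT
# rule 4: explicit refusal of plain HTTP (policy DROP would catch it anyway)
-A INPUT -p tcp --dport 80 -j DROP
COMMIT
EOF
}

# First match wins, so the per-host DROP must precede the ACCEPT for its /48.
# Returns 0 when the generated ruleset has them in the right order.
check_order() {
    drop_line=$(write_ruleset | grep -n -- "-s $BLOCKED_HOST -j DROP" | cut -d: -f1)
    accept_line=$(write_ruleset | grep -n -- "-s $TRUSTED_NET -j ACCEPT" | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$accept_line" ] && [ "$drop_line" -lt "$accept_line" ]
}

# Number of rules appended to INPUT (sanity check before loading)
count_input_rules() {
    write_ruleset | grep -c '^-A INPUT '
}

# Only emit the ruleset when the ordering check passes
check_order && write_ruleset
```

Loading the file with ip6tables-restore replaces the whole table atomically, which avoids the half-applied state you get from running individual ip6tables -A commands in sequence, and `ip6tables-save` shows the result in the same format for review.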
IPv6 Iptables Rules
The growing number of internet-connected devices worldwide exhausted the IPv4 address space and drove the development of IPv6. Where IPv4 offers 32-bit addresses (roughly 4.3 billion), IPv6 uses 128-bit addresses, a space large enough to be effectively inexhaustible in practice. This matters for firewalls: an IPv6 host routinely holds several addresses per interface (link-local, global and temporary privacy addresses), and its rules must account for all of them. ip6tables also keeps its own tables, separate from the IPv4 iptables rules, so an IPv4-only ruleset leaves IPv6 traffic unfiltered. This article examines best practices for ip6tables implementations and analyses the strengths and weaknesses of the IPv6 firewall rules that need to be applied.