Step-by-Step Guide to Adding the Rules
Step 1: This rule permits any traffic arriving at the firewall on a connection that is already established, or related to an existing one. It is the usual way to let replies for currently active connections (SSH, HTTP and so on) through while still denying new incoming connections, which are then handled by the rules that follow.
sudo ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Step 2: This rule lets the firewall accept TCP connections to the SSH port (22) from one specific IPv6 address. That is, only connections initiated by this particular host will be permitted to the SSH port, while connections to that port from any other host will be denied. The address shown is a placeholder from the 2001:db8::/32 documentation range; substitute the administrator host's real IPv6 address (ip6tables does not accept IPv4 addresses in -s).
sudo ip6tables -A INPUT -p tcp --dport ssh -s 2001:db8::1 -j ACCEPT
Step 3: The first rule permits incoming TCP traffic from any source to port 80 (the default port for the HTTP service); the second permits incoming TCP traffic from any source to port 21 (the default port for the FTP service); and the third does the same for port 25 (the default port for the SMTP service). Each rule is appended to the INPUT chain (incoming traffic), matches only TCP, and accepts the packet (-j ACCEPT) when it is addressed to the given port.
sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 25 -j ACCEPT
Step 4: Now let us view the rules we have added above.
sudo ip6tables -L -n --line-numbers
1. Inserting Rules
ip6tables rules are matched in sequence, and once a match is found, no further rules in the chain are evaluated. If you need to move rules around or insert a new rule at a particular position, list the rules with the --line-numbers option first, then insert at the position you want:
sudo ip6tables -I INPUT 2 -p icmpv6 -j ACCEPT
As we can see below, a new rule has been inserted at number 2.
2. Deleting Rules
sudo ip6tables -D INPUT -p tcp --dport 21 -j ACCEPT
This command removes the rule added in Step 3 that allowed FTP access to the server; the rule specification given to -D must match the one used when the rule was added. An administrator who no longer needs FTP can delete the rule this way to reduce what the server exposes.
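The following Python model is added here as an illustration and is not part of the original guide. It replays Steps 1 through 3, the insert at position 2 and the FTP deletion against a small chain that evaluates packets first-match-wins, so the effect of rule order can be checked without touching a live firewall. Everything in it is constructed: the Rule and Chain classes, the packet dictionaries, the placeholder administrator address 2001:db8::1, and the DROP policy, which the guide does not set but which its "all other connections are denied" claim requires (the INPUT chain's default policy is ACCEPT until changed with -P).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed placeholder for the administrator's host (IPv6 documentation range).
ADMIN_HOST = "2001:db8::1"


@dataclass(frozen=True)
class Rule:
    """One ip6tables rule: match criteria plus the jump target (-j)."""
    target: str                          # "ACCEPT" or "DROP"
    proto: Optional[str] = None          # -p tcp / -p icmpv6; None matches any protocol
    dport: Optional[int] = None          # --dport; None matches any port
    src: Optional[str] = None            # -s; modelled as an exact host address only
    states: Tuple[str, ...] = ()         # -m state --state; empty tuple means no state match

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.src is not None and pkt.get("src") != self.src:
            return False
        if self.states and pkt.get("state") not in self.states:
            return False
        return True

    def as_command(self, chain: str) -> str:
        """Render the rule as the ip6tables -A command that would create it."""
        parts = ["ip6tables", "-A", chain]
        if self.states:
            parts += ["-m", "state", "--state", ",".join(self.states)]
        if self.proto:
            parts += ["-p", self.proto]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        if self.src:
            parts += ["-s", self.src]
        parts += ["-j", self.target]
        return " ".join(parts)


class Chain:
    """An ordered rule list with a default policy (-P), evaluated first-match-wins."""

    def __init__(self, name: str, policy: str = "DROP"):
        self.name, self.policy, self.rules = name, policy, []

    def append(self, rule: Rule) -> None:                 # ip6tables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, position: int, rule: Rule) -> None:  # ip6tables -I CHAIN N ... (1-based)
        self.rules.insert(position - 1, rule)

    def delete(self, rule: Rule) -> None:                 # ip6tables -D CHAIN <same match spec>
        self.rules.remove(rule)

    def verdict(self, pkt: dict) -> Tuple[str, Optional[int]]:
        """Return (target, rule number) of the first matching rule, or (policy, None)."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, number
        return self.policy, None

    def listing(self) -> str:
        """Numbered view in the spirit of `ip6tables -L -n --line-numbers`."""
        lines = [f"Chain {self.name} (policy {self.policy})"]
        lines += [f"{n} {r.as_command(self.name)}" for n, r in enumerate(self.rules, start=1)]
        return "\n".join(lines)


def build_guide_chain(admin_host: str = ADMIN_HOST) -> Chain:
    """Reproduce Steps 1-3 of the guide. The DROP policy is an added assumption:
    without it (or a final DROP rule) new connections to other ports are accepted."""
    chain = Chain("INPUT", policy="DROP")
    chain.append(Rule("ACCEPT", states=("ESTABLISHED", "RELATED")))       # Step 1
    chain.append(Rule("ACCEPT", proto="tcp", dport=22, src=admin_host))   # Step 2
    for port in (80, 21, 25):                                            # Step 3
        chain.append(Rule("ACCEPT", proto="tcp", dport=port))
    return chain


if __name__ == "__main__":
    chain = build_guide_chain()
    print(chain.listing())
    # Inserting at position 2 pushes the SSH rule down to position 3 (section 1, Inserting Rules).
    chain.insert(2, Rule("ACCEPT", proto="icmpv6"))
    # Deleting by match specification removes the FTP rule (section 2, Deleting Rules).
    chain.delete(Rule("ACCEPT", proto="tcp", dport=21))
    print(chain.listing())
    for pkt in ({"proto": "tcp", "dport": 22, "src": ADMIN_HOST, "state": "NEW"},
                {"proto": "tcp", "dport": 22, "src": "2001:db8::2", "state": "NEW"},
                {"proto": "tcp", "dport": 21, "src": "2001:db8::2", "state": "NEW"}):
        print(pkt, "->", chain.verdict(pkt))
```

Running it prints the numbered listing before and after the insert and delete; listing() is a simplified stand-in for ip6tables -L -n --line-numbers, and as_command() renders each rule in the guide's -A syntax. On a live host the equivalent check is to compare the output of ip6tables -S INPUT against the commands you expect to be present, in the order you expect them.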
3. Making a New Chain
sudo ip6tables -N zishan
This command creates a new user-defined chain named zishan. Chain names are case-sensitive, so use exactly the same spelling whenever you refer to the chain later.
You can see below the chain is created.
4. Removing a Chain
sudo ip6tables -X zishan
This command removes the chain named zishan. The chain must be empty and must not be referenced by any other rule; if it still holds rules, flush it first with sudo ip6tables -F zishan.
IPv6 iptables Rules
The growing number of Internet-connected devices across the globe forced an expansion of the address space, and hence the development of IPv6. In contrast to its predecessor IPv4, which has a limited number of unique addresses, IPv6 offers a practically inexhaustible supply. This matters for firewall configuration because a single device commonly holds several IPv6 addresses at once. This article examines best practices for IPv6 iptables configuration and looks at the strengths and weaknesses of the IPv6 firewall rules that need to be applied.