What is iptables?
Iptables is a system administration program used to configure the tables provided by the Linux kernel firewall, along with the chains and rules they contain. It is the default tool and is used mostly for filtering IPv4 traffic, while its IPv6 counterpart is called ip6tables. Some options have to be defined individually in both versions.
Installing iptables
Step 1: Enter the command below to install iptables.
sudo apt-get install iptables
Step 2: To make sure that your system supports IPv6, enter the following command:
cat /proc/net/if_inet6
It is used to display the IPv6 interface statistics for all network interfaces on a Linux system.
If you see something like this, your system supports IPv6.
Step 3: The firewall chains are empty on a newly installed system, as the firewall script clears every chain on startup. To view the chains and rules, use the following command.
(-L to display rules in chains, -n to output IP ports and addresses in numeric format).
Structure of IPv6 firewall rules
sudo ip6tables -A [chain] [rule options] -j [target]
- -A [chain]: The -A option, short for “append”, adds a new rule to the end of the desired chain.
- [rule options]: This is where you describe the conditions a packet must meet to trigger the rule.
- -j [target]: The -j option specifies the target for the rule, such as “ACCEPT” or “DROP.”
Let us understand through an example:
sudo ip6tables -A INPUT -s 2001:db8::/32 -p tcp --dport 22 -j ACCEPT
This rule will allow incoming TCP traffic on port 22 from any address in the 2001:db8::/32 subnet.
Now we can check whether the rule has been added to the list. Just enter the command below.
You can see in the above image that the rule has been added.
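As an added example (not part of the original article), the shell function below places the rule above inside a complete ruleset in ip6tables-restore format, going beyond the single rule shown: with empty chains and the default ACCEPT policy, one ACCEPT rule restricts nothing. The default-DROP policies, the loopback, conntrack and ICMPv6 rules, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article). The default-DROP policy and the
# loopback, conntrack and ICMPv6 rules are assumptions added around the page's rule.

# valid_prefix ADDR/LEN: only hex digits, colons and one "/LEN" with LEN <= 128.
# This is a character and length check, not a full IPv6 address parser.
valid_prefix() {
    case $1 in
        ''|*[!0-9A-Fa-f:/]*|*/*/*|/*|*/) return 1 ;;
        */*) len=${1#*/} ;;
        *) return 1 ;;
    esac
    case $len in *[!0-9]*) return 1 ;; esac
    [ "$len" -le 128 ]
}

# valid_port N: decimal TCP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset SRC_PREFIX PORT: print a filter table for ip6tables-restore.
# Inputs are validated first so they cannot smuggle extra options into a rule.
# ICMPv6 stays open because IPv6 neighbour discovery depends on it.
build_ruleset() {
    if ! valid_prefix "$1" || ! valid_port "$2"; then
        echo "invalid source prefix or port" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -s $1 -p tcp --dport $2 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the article's example values. Check it without loading it:
#   build_ruleset 2001:db8::/32 22 | sudo ip6tables-restore --test
build_ruleset 2001:db8::/32 22
```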
IPv6 Iptables Rules
The growing number of internet-connected devices across the globe required a larger address space, which led to the development of IPv6. In contrast to its predecessor IPv4, which has a limited number of unique addresses, IPv6 has a virtually unlimited number of unique addresses. This change matters for the way firewalls are configured when devices have multiple addresses. This article aims to examine the best practices for IPv6 iptables implementations and analyze the strengths and weaknesses of the IPv6 firewall rules that need to be applied.