ip6tables

ip6tables is a command-line utility in Linux for managing IPv6 packet filtering rules. It is part of the iptables suite but specifically designed for IPv6 traffic. It allows administrators to configure rules for packet filtering, network address translation (NAT), and other firewall functionalities for IPv6.

Basic Concepts

  • Chains: A list of rules for processing network packets. Common chains include:

    • INPUT: For packets destined for the local system.

    • FORWARD: For packets being routed through the system.

    • OUTPUT: For packets originating from the local system.

  • Tables: Different contexts for managing packet rules. Common tables include:

    • filter: The default table for packet filtering.

    • nat: Used for network address translation.

Basic Commands

Viewing Rules

  • List Rules in a Chain:

    sudo ip6tables -L [CHAIN_NAME] [OPTIONS]

    Example to list rules in the INPUT chain:

    sudo ip6tables -L INPUT -v -n

  • List Rules in a Specific Table:

    sudo ip6tables -t [TABLE_NAME] -L

    Example to list rules in the nat table:

    sudo ip6tables -t nat -L

Adding and Deleting Rules

  • Add a Rule:

    sudo ip6tables -A [CHAIN_NAME] -p [PROTOCOL] --dport [PORT] -j [TARGET]

    Example to allow incoming TCP traffic on port 80:

    sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT

  • Delete a Rule:

    sudo ip6tables -D [CHAIN_NAME] [RULE_SPECIFICATION]

    Example to delete the first rule in the INPUT chain:

    sudo ip6tables -D INPUT 1

  • Insert a Rule:

    sudo ip6tables -I [CHAIN_NAME] [RULE_NUMBER] -p [PROTOCOL] --dport [PORT] -j [TARGET]

    Example to insert a rule to block traffic from a specific IP:

    sudo ip6tables -I INPUT 1 -s 2001:db8::1 -j DROP

Saving and Restoring Rules

  • Save Rules: The method to save rules can vary by distribution. Common methods include:

    • Debian/Ubuntu:

      sudo ip6tables-save > /etc/iptables/rules.ip6

    • Red Hat/CentOS:

      sudo ip6tables-save > /etc/sysconfig/ip6tables

  • Restore Rules:

    sudo ip6tables-restore < /etc/iptables/rules.ip6

Example Rules

  • Allow Incoming SSH:

    sudo ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT

  • Drop All Incoming Traffic by Default:

    sudo ip6tables -P INPUT DROP

  • Allow Loopback Traffic:

    sudo ip6tables -A INPUT -i lo -j ACCEPT

  • Allow Established Connections:

    sudo ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Files and Directories

  • Configuration File: Rules are typically not stored in a configuration file but managed dynamically. Rules can be saved to files and restored as needed.

  • Log Files: ip6tables logs may be found in system logs:

    • Debian/Ubuntu: /var/log/syslog

    • Red Hat/CentOS: /var/log/messages

Comparison to iptables

  • Purpose: While iptables is used for IPv4 traffic, ip6tables is used for IPv6 traffic.

  • Syntax: Similar command syntax, but ip6tables is specific to IPv6.

  • Tables and Chains: Both tools use the same concepts of tables and chains but apply them to their respective IP versions.

Summary

ip6tables is a powerful tool for managing IPv6 firewall rules on Linux systems. Understanding its basic commands and options allows administrators to effectively control network traffic and enhance system security. The utility works similarly to iptables, with specific commands tailored for IPv6 networking.ip6tables is a command-line utility in Linux for managing IPv6 packet filtering rules. It is part of the iptables suite but specifically designed for IPv6 traffic. It allows administrators to configure rules for packet filtering, network address translation (NAT), and other firewall functionalities for IPv6.

Basic Concepts

  • Chains: A list of rules for processing network packets. Common chains include:

    • INPUT: For packets destined for the local system.

    • FORWARD: For packets being routed through the system.

    • OUTPUT: For packets originating from the local system.

  • Tables: Different contexts for managing packet rules. Common tables include:

    • filter: The default table for packet filtering.

    • nat: Used for network address translation.

Basic Commands

Viewing Rules

  • List Rules in a Chain:

    sudo ip6tables -L [CHAIN_NAME] [OPTIONS]

    Example to list rules in the INPUT chain:

    sudo ip6tables -L INPUT -v -n

  • List Rules in a Specific Table:

    sudo ip6tables -t [TABLE_NAME] -L

    Example to list rules in the nat table:

    sudo ip6tables -t nat -L

Adding and Deleting Rules

  • Add a Rule:

    sudo ip6tables -A [CHAIN_NAME] -p [PROTOCOL] --dport [PORT] -j [TARGET]

    Example to allow incoming TCP traffic on port 80:

    sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT

  • Delete a Rule:

    sudo ip6tables -D [CHAIN_NAME] [RULE_SPECIFICATION]

    Example to delete the first rule in the INPUT chain:

    sudo ip6tables -D INPUT 1

  • Insert a Rule:

    sudo ip6tables -I [CHAIN_NAME] [RULE_NUMBER] -p [PROTOCOL] --dport [PORT] -j [TARGET]

    Example to insert a rule to block traffic from a specific IP:

    sudo ip6tables -I INPUT 1 -s 2001:db8::1 -j DROP

Saving and Restoring Rules

  • Save Rules: The method to save rules can vary by distribution. Common methods include:

    • Debian/Ubuntu:

      sudo ip6tables-save > /etc/iptables/rules.ip6

    • Red Hat/CentOS:

      sudo ip6tables-save > /etc/sysconfig/ip6tables

  • Restore Rules:

    sudo ip6tables-restore < /etc/iptables/rules.ip6

Example Rules

  • Allow Incoming SSH:

    sudo ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT

  • Drop All Incoming Traffic by Default:

    sudo ip6tables -P INPUT DROP

  • Allow Loopback Traffic:

    sudo ip6tables -A INPUT -i lo -j ACCEPT

  • Allow Established Connections:

    sudo ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Files and Directories

  • Configuration File: Rules are typically not stored in a configuration file but managed dynamically. Rules can be saved to files and restored as needed.

  • Log Files: ip6tables logs may be found in system logs:

    • Debian/Ubuntu: /var/log/syslog

    • Red Hat/CentOS: /var/log/messages

Comparison to iptables

  • Purpose: While iptables is used for IPv4 traffic, ip6tables is used for IPv6 traffic.

  • Syntax: Similar command syntax, but ip6tables is specific to IPv6.

  • Tables and Chains: Both tools use the same concepts of tables and chains but apply them to their respective IP versions.

Summary

ip6tables is a powerful tool for managing IPv6 firewall rules on Linux systems. Understanding its basic commands and options allows administrators to effectively control network traffic and enhance system security. The utility works similarly to iptables, with specific commands tailored for IPv6 networking.

PreviousImportant Pure-FTPd command line optionsNext-var-named

Last updated