Configure iptables for IPv6
I just configured an iptables firewall for IPv4, and I have a few questions:
Is it a MUST to repeat the same for IPv6?
What will be the consequences of leaving iptables unconfigured for IPv6?
Which is the better way to go:
- Configure iptables for both IPv4 and IPv6?
- Configure iptables policy to DROP all IPv6 packets. Will the IPv4 configuration affect IPv6 as well?
- Another configuration?
1 Reply
- Is it a MUST to repeat the same for IPv6?
- What will be the consequences of leaving iptables unconfigured for IPv6?
I’ve grouped these two questions, since I can answer them together. If you have an IPv6 address configured on your Linode, then the firewall will need to be configured, or else connections over IPv6 will be unfiltered, and access to your Linode will be made that much easier. To configure the IPv6 firewall, you will repeat more or less the same commands you used for IPv4, but with ip6tables instead of iptables. For example, a basic rule to allow SSH over IPv6:
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
- Which is the better way to go:
- Configure iptables for both IPv4 and IPv6?
- Configure iptables policy to DROP all IPv6 packets. Will the IPv4 configuration affect IPv6 as well?
- Another configuration?
Configuring iptables for IPv4 alone will not affect IPv6, so the best and most secure approach is to configure both the IPv4 and IPv6 firewalls, unless you are not going to use IPv6. In that case, you could set the default to drop all IPv6 packets:
ip6tables --policy INPUT DROP
ip6tables --policy OUTPUT DROP
ip6tables --policy FORWARD DROP
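An added example, not part of the original reply: a shell function that prints a default-drop IPv6 ruleset in ip6tables-restore format for a host that does use IPv6. The function name `gen_ip6_rules`, the port arguments, the choice of ICMPv6 types and the open OUTPUT policy are assumptions; the ICMPv6 rules are the part that cannot be copied from an IPv4 ruleset, since IPv6 needs neighbour discovery and packet-too-big messages to work.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original reply).
# Prints an ip6tables-restore ruleset: inbound default DROP, listed TCP ports open.
# Review and syntax-check before loading, e.g.:
#   gen_ip6_rules 22 > rules.v6 && ip6tables-restore --test < rules.v6
gen_ip6_rules() {
    # Validate every port before emitting anything, so bad input never
    # yields a partial ruleset or a string with shell/iptables metacharacters.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "invalid port: $port" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'   # assumption: outbound traffic is not restricted
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # ICMPv6 errors and echo: required for path MTU discovery and diagnostics.
    for t in destination-unreachable packet-too-big time-exceeded \
             parameter-problem echo-request; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # Neighbour discovery: only valid with hop limit 255, i.e. sent on-link.
    for t in router-advertisement neighbour-solicitation neighbour-advertisement; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done

    # Services to expose, one rule per port given on the command line.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Stand-alone run: print an SSH-only ruleset to stdout.
gen_ip6_rules 22
```

Loading the whole file with ip6tables-restore applies the policies and rules in one commit, which avoids the window where a DROP policy is active before the SSH rule has been added.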