View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Setup Firewall-D for Ipv6
Log in to Ask a Question

Setup Firewall-D for Ipv6

I am newbie who just setup nginx on my Linode VPS. Firewall-D is also working fine. Since I have nginx listening for IPv6, do I also need to setup Firewall-D for IPv6?

2 Replies

@curtntech writes:

Since I have nginx listening for IPv6, do I also need to setup Firewall-D for IPv6?

I would assume so… It depends on how serious you take threats using IPv6 as an attack vector on your web server. I have a firewall protecting both IPv4/IPv6 but it passes all http/https traffic. My web server has other protections in place for that. See:

https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

I use the version for apache2(8). I update it via cron(8) daily.

With respect to the firewall though, I also use blacklisting and fail2ban(1) so any traffic from sources I consider or determine to be malevolent is blocked. My blacklists are updated every 8 hours.

-- sw

Linode Staff

Hi @curtntech - It depends on how you have it set up. In some cases, it'll already be taken care of. You can configure FirewallD via service/protocol or via rich language rules. There's an official reference on rich language rules here:

https://jpopelka.fedorapeople.org/firewalld/doc/firewalld.richlanguage.html

Specifically you can set the rule to be in the IPv6 rule family: rule family="ipv6"

We have an intro guide to Firewall D here:

Introduction to FirewallD on CentOS

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct