author | andreas | 2017-12-28 15:50:07 +0100 |
---|---|---|
committer | andreas | 2017-12-28 15:50:07 +0100 |
commit | 945e365c7c221a7167b11e17569a2b5e27ab624c (patch) | |
tree | c1c8488dbe0bdcd34c88adb74fe49de99218fbdc /src/firewall | |
parent | 1c21280a5df2eb723274953b55dc5abfd72afcf5 (diff) | |
Added firewall rules for blocking all IPv6 traffic and added some documentation on how to
use these rules.
Diffstat (limited to 'src/firewall')
-rw-r--r-- | src/firewall/rules.v4 (renamed from src/firewall/iptable-desktop-template.fwrules) | 10 | ||||
-rw-r--r-- | src/firewall/rules.v6 | 29 |
2 files changed, 39 insertions, 0 deletions
diff --git a/src/firewall/iptable-desktop-template.fwrules b/src/firewall/rules.v4
index 45b5397..8f403e1 100644
--- a/src/firewall/iptable-desktop-template.fwrules
+++ b/src/firewall/rules.v4
@@ -1,4 +1,14 @@
+###############################################################################
+# Load rules:
+# | iptables-restore < rules.v4
+# If 'iptables-persistence' is not installed install it:
+# | aptitude install iptables-persistence
+# If 'iptables-persistence' is already installed simply write changes to config
+# file:
+# | iptables-save > /etc/iptables/rules.v4
+###############################################################################
+
 *filter
 # Loopback
diff --git a/src/firewall/rules.v6 b/src/firewall/rules.v6
new file mode 100644
index 0000000..a2e41fb
--- /dev/null
+++ b/src/firewall/rules.v6
@@ -0,0 +1,29 @@
+
+###############################################################################
+# Load rules:
+# | ip6tables-restore < rules.v6
+# If 'iptables-persistence' is not installed install it:
+# | aptitude install iptables-persistence
+# If 'iptables-persistence' is already installed simply write changes to config
+# file:
+# | ip6tables-save > /etc/iptables/rules.v6
+###############################################################################
+
+*filter
+
+# Loopback
+-A INPUT -i lo -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+
+# Log blocked connection attemps
+-A INPUT -j LOG --log-prefix "ip6table-bad-input: " --log-level 6
+-A FORWARD -j LOG --log-prefix "ip6table-bad-forward: " --log-level 6
+-A OUTPUT -j LOG --log-prefix "ip6table-bad-output: " --log-level 6
+
+# Disallow any non-whitelisted packets
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+-A OUTPUT -j REJECT
+
+COMMIT
+
|
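Review bot: The three LOG rules in rules.v6 (`-A INPUT -j LOG …` and the matching FORWARD and OUTPUT lines) fire for every non-loopback packet with no rate limit, so a burst of unsolicited IPv6 traffic fills the syslog at line rate and buries the entries a defender actually wants to see; put a limit match in front of the target, e.g. `-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "ip6table-bad-input: " --log-level 6`, and do the same for the FORWARD and OUTPUT LOG rules. The header comments in both hunks name the package `iptables-persistence`, whereas the Debian/Ubuntu package that loads /etc/iptables/rules.v4 and rules.v6 at boot is `iptables-persistent`, so the quoted `aptitude install iptables-persistence` line will fail as written. Because the final REJECT rules also cover ICMPv6, the host presumably will not take part in neighbour discovery or router advertisement on IPv6 at all — consistent with the commit's stated goal, but worth a comment next to `# Disallow any non-whitelisted packets` so the next reader does not mistake it for an oversight. The comment `# Log blocked connection attemps` should read `attempts`.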