author: andreas 2017-12-28 15:50:07 +0100
committer: andreas 2017-12-28 15:50:07 +0100
commit: 945e365c7c221a7167b11e17569a2b5e27ab624c
tree: c1c8488dbe0bdcd34c88adb74fe49de99218fbdc /src/firewall
parent: 1c21280a5df2eb723274953b55dc5abfd72afcf5
Added firewall rules for blocking all IPv6 traffic and added some doc of how to
use these rules.
Diffstat (limited to 'src/firewall')
-rw-r--r-- src/firewall/rules.v4 (renamed from src/firewall/iptable-desktop-template.fwrules) | 10
-rw-r--r-- src/firewall/rules.v6 | 29
2 files changed, 39 insertions, 0 deletions
diff --git a/src/firewall/iptable-desktop-template.fwrules b/src/firewall/rules.v4
index 45b5397..8f403e1 100644
--- a/src/firewall/iptable-desktop-template.fwrules
+++ b/src/firewall/rules.v4
@@ -1,4 +1,14 @@
+###############################################################################
+# Load rules:
+# | iptables-restore < rules.v4
+# If 'iptables-persistence' is not installed install it:
+# | aptitude install iptables-persistence
+# If 'iptables-persistence' is already installed simply write changes to config
+# file:
+# | iptables-save > /etc/iptables/rules.v4
+###############################################################################
+
*filter
# Loopback
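Review bot: the package name in the new header comment is wrong. The Debian/Ubuntu package that loads /etc/iptables/rules.v4 and rules.v6 at boot is `iptables-persistent` (together with `netfilter-persistent`), so `# | aptitude install iptables-persistence` will fail with "no such package"; change both occurrences of 'iptables-persistence' to `iptables-persistent`. It would also help to say that `iptables-save > /etc/iptables/rules.v4` writes out whatever is currently loaded in the kernel, so it only persists this file if `iptables-restore < rules.v4` has been run first; stating the order avoids saving a stale ruleset over the template.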
diff --git a/src/firewall/rules.v6 b/src/firewall/rules.v6
new file mode 100644
index 0000000..a2e41fb
--- /dev/null
+++ b/src/firewall/rules.v6
@@ -0,0 +1,29 @@
+
+###############################################################################
+# Load rules:
+# | ip6tables-restore < rules.v6
+# If 'iptables-persistence' is not installed install it:
+# | aptitude install iptables-persistence
+# If 'iptables-persistence' is already installed simply write changes to config
+# file:
+# | ip6tables-save > /etc/iptables/rules.v6
+###############################################################################
+
+*filter
+
+# Loopback
+-A INPUT -i lo -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+
+# Log blocked connection attemps
+-A INPUT -j LOG --log-prefix "ip6table-bad-input: " --log-level 6
+-A FORWARD -j LOG --log-prefix "ip6table-bad-forward: " --log-level 6
+-A OUTPUT -j LOG --log-prefix "ip6table-bad-output: " --log-level 6
+
+# Disallow any non-whitelisted packets
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+-A OUTPUT -j REJECT
+
+COMMIT
+
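Review bot: the three LOG rules are unconditional and have no rate limit, so every blocked IPv6 packet (router advertisements, neighbor solicitations and multicast listener reports arrive on any active link whether or not the host uses IPv6) produces a kernel log line and can flood the log; insert `-m limit --limit 5/min --limit-burst 10` before `-j LOG` on each of the three rules, e.g. `-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "ip6table-bad-input: " --log-level 6`. Two smaller points: `# Log blocked connection attemps` has a typo for `attempts`, and the `*filter` section declares no chain policies, so if a trailing REJECT rule is ever deleted the chain falls back to whatever policy the kernel already has (ACCEPT unless set elsewhere); adding `:INPUT DROP [0:0]`, `:FORWARD DROP [0:0]` and `:OUTPUT DROP [0:0]` directly after `*filter` makes the intended default explicit. Finally, `-j REJECT` answers each blocked packet with an ICMPv6 error, which tells the sender the host is up; since the commit message says the goal is to block all IPv6 traffic, `-j DROP` discards silently and is the more conservative choice. The same 'iptables-persistence' package-name typo from rules.v4 is repeated in this header and should be `iptables-persistent` here too.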