[140570] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IPv6 gateway, was: Re: IPv6 foot-dragging

daemon@ATHENA.MIT.EDU (Jeroen van Aart)
Fri May 13 17:33:39 2011

Date: Fri, 13 May 2011 14:32:48 -0700
From: Jeroen van Aart <jeroen@mompl.net>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <4DCD8087.9020402@mompl.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Jeroen van Aart wrote:
> -I FORWARD -i eth0 -s 2001:db8::/64 -j ACCEPT
> -I FORWARD -i eth1 -d 2001:db8::/64 -j ACCEPT

Just in case if anyone'd be using it as an example. It's a good idea to 
make your rules more restrictive.

Something like:
-I FORWARD -j DROP
-I FORWARD -s 2001:db8::/64 -j ACCEPT
-I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT


-- 
http://goldmark.org/jeff/stupid-disclaimers/
http://linuxmafia.com/~rick/faq/plural-of-virus.html


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[140570] in North American Network Operators' Group

Re: IPv6 gateway, was: Re: IPv6 foot-dragging

daemon@ATHENA.MIT.EDU (Jeroen van Aart)Fri May 13 17:33:39 2011

daemon@ATHENA.MIT.EDU (Jeroen van Aart)
Fri May 13 17:33:39 2011