On Tue, Feb 13, 2007 at 12:59:49PM -0500, Luis wrote:
> hey there its been a long time well i have some trouble using ip6tables i have
> the following networks 2001:b00:f60e::/48 and i have the servers
> 2001:b00:f60e::1 2001:b00:f60e::2 2001:b00:f60e::3 and the workstations
> 2001:b00:f60e::4 2001:b00:f60e::5 2001:b00:f60e::6

Consider using distinct subnets for servers and workstations.

> Now how can i filter the sshd
> port using iptables i mean example
> iptables -A input -s 10.10.1.26 -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -s 10.10.1.1/24 -p tcp --dport 22 -j DROP

Please specify where you'd use these rules. Is it on the server, on the
workstations or on a gateway host? What's their purpose?

> HOW CAN I DO THAT on ipv6 ??please dont send me to internet i dont have
> access right now so i would really appreciate a hand of you ;)the idea i have
> on ipv6tables its like this
> ip6tables -A INPUT 2001:b00:f60e::1 -p tcp --dport 22 -j ACCEPT
> until there so far so good but now what ???
> ip6tables -A INPUT 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> HOW CAN I specific
> that or do i have to type iptables -A INPUT :: -p tcp --dport 22 -j DROP

The examples are missing a --source or --destination argument.

It's unclear to me what you want to achieve. Do you want to prevent the
workstations from opening ssh connections to other hosts, or prevent other
hosts from connecting to the workstations? Depending on that, it'd be either

    ip6tables -A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP

or

    ip6tables -A INPUT --destination 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP

respectively.

If you want to drop all port 22 connections, incoming and outgoing for all
networks, just don't specify any source or destination, as in

    ip6tables -A INPUT -p tcp --dport 22 -j DROP
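
An added example, not part of either message: a small first-match evaluator for the ACCEPT/DROP pair discussed in the thread, showing which sources reach port 22 and why rule order matters. It assumes the rules sit on the host running sshd with an INPUT policy of ACCEPT; parse_rule, verdict and the address 2001:db8::1 are constructed for illustration, and only the options used in the thread are modelled.

```python
import ipaddress

# The thread's two rules with the --source argument the reply says was missing.
# Assumption: they are loaded on the host running sshd.
RULES = [
    "-A INPUT --source 2001:b00:f60e::1 -p tcp --dport 22 -j ACCEPT",
    "-A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP",
]

def parse_rule(line):
    """Parse only the ip6tables options that appear in the thread."""
    rule = {"chain": None, "source": ipaddress.ip_network("::/0"),
            "proto": None, "dport": None, "target": None}
    tokens = iter(line.split())
    for tok in tokens:
        if tok == "-A":
            rule["chain"] = next(tokens)
        elif tok in ("-s", "--source"):
            rule["source"] = ipaddress.ip_network(next(tokens), strict=False)
        elif tok == "-p":
            rule["proto"] = next(tokens)
        elif tok == "--dport":
            rule["dport"] = int(next(tokens))
        elif tok == "-j":
            rule["target"] = next(tokens)
        else:
            raise ValueError("unsupported option: " + tok)
    return rule

def verdict(rules, src, proto="tcp", dport=22, policy="ACCEPT"):
    """First matching rule decides; if none matches, the chain policy does."""
    addr = ipaddress.ip_address(src)
    for rule in map(parse_rule, rules):
        if (addr in rule["source"]
                and rule["proto"] in (None, proto)
                and rule["dport"] in (None, dport)):
            return rule["target"]
    return policy

if __name__ == "__main__":
    # 2001:db8::1 is a constructed address outside the /48.
    for src in ("2001:b00:f60e::1", "2001:b00:f60e::4", "2001:db8::1"):
        print(src, verdict(RULES, src))
    # Reversed order: the /48 DROP matches first and shadows the ACCEPT.
    print(verdict(RULES[::-1], "2001:b00:f60e::1"))
```

Sources outside 2001:b00:f60e::/48 match neither rule and fall through to the chain policy, so with a policy of ACCEPT they still reach port 22.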

