Stephan Balmer <[EMAIL PROTECTED]> wrote:

> On Tue, Feb 13, 2007 at 12:59:49PM -0500, Luis wrote:
> > hey there, it's been a long time. well, i have some trouble using
> > ip6tables. i have the following networks 2001:b00:f60e::/48 and i
> > have the servers
> > 2001:b00:f60e::1 2001:b00:f60e::2 2001:b00:f60e::3
> > and the workstations
> > 2001:b00:f60e::4 2001:b00:f60e::5 2001:b00:f60e::6
>
> Consider using distinct subnets for servers and workstations.
>
> > Now how can i filter the sshd port using iptables, i mean, example
> >
> >     iptables -A input -s 10.10.1.26 -p tcp --dport 22 -j ACCEPT
> >     iptables -A INPUT -s 10.10.1.1/24 -p tcp --dport 22 -j DROP
>
> Please specify where you'd use these rules. Is it on the server, on the
> workstations or on a gateway host? What's their purpose?
>
> > HOW CAN I DO THAT on ipv6?? please don't send me to internet, i don't
> > have access right now, so i would really appreciate a hand of you ;)
> > the idea i have on ipv6tables, it's like this
> >
> >     ip6tables -A INPUT 2001:b00:f60e::1 -p tcp --dport 22 -j ACCEPT
> >
> > until there so far so good but now what ???
> >
> >     ip6tables -A INPUT 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
> >
> > HOW CAN I specify that, or do i have to type
> >
> >     iptables -A INPUT :: -p tcp --dport 22 -j DROP
>
> The examples are missing a --source or --destination argument.
> It's unclear to me what you want to achieve. Do you want to prevent the
> workstations from opening ssh connections to other hosts, or prevent other
> hosts from connecting to the workstations?
>
> Depending on that, it'd be either
>
>     ip6tables -A INPUT --source 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
>
> or
>
>     ip6tables -A INPUT --destination 2001:b00:f60e::/48 -p tcp --dport 22 -j DROP
>
> respectively.
>
> If you want to drop all port 22 connections, incoming and outgoing for
> all networks, just don't specify any source or destination, as in
>
>     ip6tables -A INPUT -p tcp --dport 22 -j DROP

many thanks my friend! i'm firewalling my ipv6 network right now :)

----------------------------------------------
Luis A. Rondon Paz
Admin intranet CNT
icq #132736035
[EMAIL PROTECTED]
Santiago de cuba
UONET
L I N U X  The Choice of a GNU Generation
 .~.
 /V\
/( )\
^^-^^
--------------------------------------------------
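Added example, not part of the original messages: a small Python model of how the ACCEPT-then-DROP pair from the thread is evaluated once each rule carries an explicit --source. It assumes 2001:b00:f60e::1 is the one host allowed to reach sshd and that the INPUT chain policy is ACCEPT; the rule tuples and the 2001:db8::7 test address are constructed for illustration.

```python
import ipaddress

# Constructed rule list: (source prefix or None, destination port, target).
# None means no --source was given, so the rule matches every address.
RULES = [
    ("2001:b00:f60e::1/128", 22, "ACCEPT"),  # assumed allowed host
    ("2001:b00:f60e::/48", 22, "DROP"),      # rest of the site prefix
]


def render(rules, chain="INPUT"):
    """Return the ip6tables commands for the rule list, in chain order."""
    cmds = []
    for source, dport, target in rules:
        src = f"--source {source} " if source else ""
        cmds.append(f"ip6tables -A {chain} {src}-p tcp --dport {dport} -j {target}")
    return cmds


def verdict(rules, src_addr, dport, policy="ACCEPT"):
    """First-match evaluation: the chain is walked top to bottom."""
    addr = ipaddress.IPv6Address(src_addr)
    for source, rule_port, target in rules:
        net = ipaddress.IPv6Network(source if source else "::/0")
        if addr in net and dport == rule_port:
            return target
    return policy  # no rule matched, so the chain policy decides


if __name__ == "__main__":
    print("\n".join(render(RULES)))
    for host in ("2001:b00:f60e::1", "2001:b00:f60e::4", "2001:db8::7"):
        print(host, "->", verdict(RULES, host, 22))
    # Reversed order: the /48 DROP matches first and shadows the ACCEPT.
    print("reversed ->", verdict(list(reversed(RULES)), "2001:b00:f60e::1", 22))
```

With an ACCEPT policy, sources outside 2001:b00:f60e::/48 still reach port 22; the rule without any --source from the end of the reply is what closes that.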