-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/17/11 13:32, Kees de Jong wrote: > Hi, > > > > > I'm running Debian Squeeze and I want to save my ip6table configuration with the iptables-persistent tool. > To save an ipv4 table I use 'iptables-save > /etc/iptables/rules', the configuration file 'rules' is already there for the use of ipv4. > But there is no ipv6 config file, so I don't know what the correct syntax is of the ipv6 configuration file when I want to save it with ip6tables-save. > In Debian Testing there are respective defaults for ipv4 and ipv6 in the tool iptables-persistent named: rules.v4 and rules.v6 > > Can someone point me to the correct syntax of the file? So that ip6tables is restored on a cold start in a proper way. > An entry like 'ip6tables-restore < /etc/iptables/rules6' in /etc/rc.local would be an ugly solution. > ip6tables-save > /etc/iptables/rules6; # This dosn't work for you?
I just looked on my FW and it looks like the format is the same as iptables-save, most lines contain parameters to be passed to ip6tables, typically starting with '-A', other lines change the default table '-t' and configure policy for chains '-P'. Each table section ends with COMMIT. Example snippet: *filter :INPUT DROP [0:0] - -A INPUT -m conntrack --ctstate INVALID,NEW -j dynamic - -A INPUT -i tun6in4 -j net2fw - -A INPUT -i br0 -j br0_in - -A INPUT -i lo -j ACCEPT - -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - -A INPUT -j Reject - -A INPUT -j LOG --log-prefix "Shorewall:INPUT:REJECT:" --log-level 6 - -A INPUT -g reject COMMIT > > > > > > -- > Kind regards, > Kees de Jong > > > De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde(n). > Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. > -- > The information contained in this message may be confidential and is intended to be exclusively for the addressee(s). > Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. > > > > > > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOxYWXAAoJEEGHzDDLDhlefRwIAJzutIO8LeArhVDrcGemwy/D Z/QyyS04lnfCJA2qCj1ceLoa5raT/orIH+f+LiIEmENNUUWfyFaq6/VFLvke5r4+ sIVYHbmNr/U5dGEx+zEnYnmatJRb6OstW2qv80SI8XNe0qa99fG9CfXlgEQiU3+a 6YclqVHZz/dekq9im+62tYG//ItmrdntWSeXBZNGcwnzfk3lDvLyNm0FEGZXrBgJ wsY2Bh/zzXhMTLmlyi0HQsIQolIPVk2uTvczD1NZKwZzHTYUlj9ePn7YJGgYa6It aF7zDzCZiplqpd5FnMUUWdmf+6JRWp/X0LODLalE3yDfEGr8pX6db/YKEO0iHes= =JhHb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
