Chapter 7. Firewalls

73

The syntax is identical to

iptables

in every aspect except that

ip6tables

supports 128 bit ad 

dresses. For example, SSH connections on a IPv6 aware network server can be enabled with the

following rule:

ip6tables  A INPUT  i eth0  p tcp  s 3ffe:ffff:100::1/128   dport 22  j \

ACCEPT

For more information about IPv6 networking, refer to the IPv6 Information Page at

http://www.ipv6.org.

7.3. Additional Resources

There are several aspects to firewalls and the Linux Netfilter subsystem that could not be covered here.

For more information, refer to the following resources.

7.3.1. Installed Documentation

The Official Red Hat Linux Reference Guide has a comprehensive chapter on iptables, including

definitions for all command options.

The

iptables

manual page contains a brief summary of the various options, as well.

7.3.2. Useful Websites

http://www.netfilter.org   The official homepage of the Netfilter/

iptables

project.

http://www.redhat.com/support/resources/networking/firewall.html   Red Hat Support firewall re 

source page.

http://www.tldp.org   The Linux Documentation Project contains several useful guides relating to

firewall creation and administration.

7.3.3. Related Documentation

Linux Firewalls, by Robert Ziegler, contains a wealth of information on building firewalls using

both 2.2 kernel

ipchains

as well as Netfilter and

iptables

. Additional security topics such as

remote access issues and Intrusion Detection Systems are also covered.