authoruvok cheetah2025-06-18 19:27:05 +0200
committeruvok cheetah2025-06-18 19:27:05 +0200
commit1e690360c57f6a442252b654f237bfed84aaa778 (patch)
tree9db836346f3246961ae7e48cbc5723d8ad7d98a6
parent65100dc7eb3913b182fc9cef064f1f362d8e02ad (diff)
Update iptables rulesHEADmaster
-rw-r--r--roles/linux_ns/files/iptables/ip6tables.save10
1 files changed, 10 insertions, 0 deletions
diff --git a/roles/linux_ns/files/iptables/ip6tables.save b/roles/linux_ns/files/iptables/ip6tables.save
index 036e5a5..ca67633 100644
--- a/roles/linux_ns/files/iptables/ip6tables.save
+++ b/roles/linux_ns/files/iptables/ip6tables.save
@@ -24,7 +24,17 @@
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -s fd00::/8 -d fd00::/8 -j ACCEPT
+# don't match source alone - will prevent outer system from doing stuff.
+-A FORWARD -i eth0 -d fd00::/8 -j ACCEPT
+# replies!
+-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+# post/prerouting, must allow forward
+# formerly for HTTP/S
+#-A FORWARD -s fd00::/8 -d fcee::1/128 -j ACCEPT
+#-A FORWARD -s fcee::1/128 -d fd00::/8 -j ACCEPT
+
+#-A FORWARD -j LOG --log-prefix "[dn42] forward"
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
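Review bot: The new `-A FORWARD -i eth0 -d fd00::/8 -j ACCEPT` carries neither a source match nor a conntrack state match, so it admits every new forwarded flow that arrives on eth0 toward any ULA destination, not only traffic from the "outer system" the comment above it describes; if eth0 can receive routed traffic from elsewhere, this widens reachability to everything in fd00::/8 behind the namespace. If the intent is host-to-namespace access only, pin the source (for example `-A FORWARD -i eth0 -s <outer-host-address> -d fd00::/8 -m conntrack --ctstate NEW -j ACCEPT`) and let the ESTABLISHED,RELATED rule carry the rest. It would also be conventional to place the `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` line first in the FORWARD section so replies and related ICMPv6 (e.g. packet-too-big) are accepted before any per-flow rule is evaluated, though with the current two ACCEPTs this is a matter of ordering rather than a behavioural gap. The comment `# post/prerouting, must allow forward` would read more clearly as `# NAT rules in PREROUTING/POSTROUTING do not imply forwarding; FORWARD must also accept the flow`. The FORWARD chain's policy and the earlier INPUT rules are outside this hunk.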