-rw-r--r--roles/linux_ns/files/iptables/ip6tables.save10
1 files changed, 10 insertions, 0 deletions
diff --git a/roles/linux_ns/files/iptables/ip6tables.save b/roles/linux_ns/files/iptables/ip6tables.save
index 036e5a5..ca67633 100644
--- a/roles/linux_ns/files/iptables/ip6tables.save
+++ b/roles/linux_ns/files/iptables/ip6tables.save
@@ -24,7 +24,17 @@
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -s fd00::/8 -d fd00::/8 -j ACCEPT
+# don't match source alone - will prevent outer system from doing stuff.
+-A FORWARD -i eth0 -d fd00::/8 -j ACCEPT
+# replies!
+-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+# post/prerouting, must allow forward
+# formerly for HTTP/S
+#-A FORWARD -s fd00::/8 -d fcee::1/128 -j ACCEPT
+#-A FORWARD -s fcee::1/128 -d fd00::/8 -j ACCEPT
+
+#-A FORWARD -j LOG --log-prefix "[dn42] forward"
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
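Review bot: The new rule `-A FORWARD -i eth0 -d fd00::/8 -j ACCEPT` accepts every forwarded packet arriving on eth0 toward any fd00::/8 destination with no source, port or connection-state constraint, so if eth0 is the interface facing other hosts this opens unsolicited inbound flows to everything behind the namespace rather than only the outer system the comment has in mind. Because the hunk also adds `-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, the eth0 rule only needs to admit new connections and should be narrowed to the intended peer or service, e.g. `-A FORWARD -i eth0 -s <outer-host-address>/128 -d fd00::/8 -m conntrack --ctstate NEW -j ACCEPT` with the placeholder replaced by the real outer address, or a `-p tcp --dport` match if only specific services are meant. The conntrack ESTABLISHED,RELATED rule would conventionally sit before the per-flow ACCEPT rules so reply traffic is matched first and the intent of each later rule is clearly "new connections only". The hunk shows only the tail of the filter table, so any earlier FORWARD rules that might already narrow this are not visible here; the comment at the top of the added block would also read more clearly as `# match the ingress interface, not the source address alone, so the outer system can still reach fd00::/8`.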