evolix
/
minifirewall
21
0
Fork 0
Code Issues 4 Pull Requests 3 Releases 1 Activity

drop useless ipv6 include file

This commit is contained in:
Jérémy Lecour 2022-03-15 16:29:22 +01:00 committed by Jérémy Lecour
parent 0041789d5e
commit 92f4751ccb
1 changed files with 0 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
minifirewall.d/ipv6
View File

@ -1,26 +0,0 @@
# shellcheck shell=sh disable=SC2034
# Set of rules for IPv6
# They should be moved to the macros in the init script
if [ "${IPV6}" != "off" ]; then
# allow HTTP/HTTPS/SMTP/DNS input
/sbin/ip6tables -A INPUT -i ${INT} -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A INPUT -i ${INT} -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A INPUT -i ${INT} -p tcp --sport 25 --match state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A INPUT -i ${INT} -p udp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/ip6tables -A INPUT -i ${INT} -p tcp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT
# allow DNS output
/sbin/ip6tables -A OUTPUT -o ${INT} -p udp --dport 53 --match state --state NEW -j ACCEPT
# allow NTP output
/sbin/ip6tables -A OUTPUT -o ${INT} -p udp --dport 123 --match state --state NEW -j ACCEPT
# allow DHCPv6
# /sbin/ip6tables -A INPUT -i ${INT} -p udp --dport 546 -d fe80::/64 -j ACCEPT
# /sbin/ip6tables -A OUTPUT -o ${INT} -p udp --dport 547 -j ACCEPT
# allow traceroute output
# /sbin/ip6tables -A OUTPUT -o ${INT} -p udp --dport 33434:33523 --match state --state NEW -j ACCEPT
fi