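# shellcheck shell=sh disable=SC2034
# Set of rules for IPv6
# They should be moved to the macros in the init script
#
# Reads:  IPV6 - the rules are skipped entirely when it is "off"
#         INT  - name of the network interface the rules are bound to
# Effect: appends rules to the ip6tables INPUT and OUTPUT chains.
#
# NOTE(review): this fragment contains no ICMPv6 rules and no OUTPUT rules for
# TCP 80/443/25/53. Presumably the init script adds them elsewhere; confirm,
# because IPv6 needs ICMPv6 (neighbour discovery, path MTU) to work at all.
# NOTE(review): "--match state" is the legacy spelling of
# "-m conntrack --ctstate"; it is kept so module requirements do not change.
if [ "${IPV6}" != "off" ]; then
  if [ -z "${INT:-}" ]; then
    # Fail closed. Once ${INT} is quoted, an empty value would reach ip6tables
    # as an empty interface name, which it may accept as "any interface" and
    # so widen every rule below. Skip the rules and report it instead.
    printf '%s\n' "IPv6 rules skipped: INT (interface name) is empty" >&2
  else
    # Allow replies to HTTP/HTTPS/SMTP/DNS connections opened by this host.
    # Because of ESTABLISHED,RELATED these rules do not open inbound services:
    # a packet that merely uses one of these source ports is not accepted.
    /sbin/ip6tables -A INPUT -i "${INT}" -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/ip6tables -A INPUT -i "${INT}" -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/ip6tables -A INPUT -i "${INT}" -p tcp --sport 25 --match state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/ip6tables -A INPUT -i "${INT}" -p udp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/ip6tables -A INPUT -i "${INT}" -p tcp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT

    # allow DNS output (UDP only; see the note on TCP at the top of the file)
    /sbin/ip6tables -A OUTPUT -o "${INT}" -p udp --dport 53 --match state --state NEW -j ACCEPT

    # allow NTP output
    /sbin/ip6tables -A OUTPUT -o "${INT}" -p udp --dport 123 --match state --state NEW -j ACCEPT

    # allow DHCPv6
    # /sbin/ip6tables -A INPUT -i "${INT}" -p udp --dport 546 -d fe80::/64 -j ACCEPT
    # /sbin/ip6tables -A OUTPUT -o "${INT}" -p udp --dport 547 -j ACCEPT

    # allow traceroute output
    # /sbin/ip6tables -A OUTPUT -o "${INT}" -p udp --dport 33434:33523 --match state --state NEW -j ACCEPT
  fi
fi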