27 Oct
2024
27 Oct
'24
5:06 p.m.
Hi Mike,
On Sat, Oct 26, 2024 at 09:25:44AM +0100, Mike Zanker via BitFolk Users wrote:
Regarding the ICMP rule for a default-deny ip6tables
firewall, I have
this at the end of my ruleset:
-A INPUT -i enX0 -p ipv6-icmp -j ACCEPT
-A INPUT -i enX0 -j DROP
That is a good start. I will add it to the article (any customer can
edit the article so do just add things like this).
It depends what one means by "Minimal" I suppose. If it means "least
amount of rules" then this is probably it for a default-deny ip6tables
firewall. If it means "least amount of things allowed" then it's only
certain types of ICMPv6 that are needed and the source address that it
comes from is quite specific also.
I'm not going to find time to look that up though so if anyone else
knows, please just edit it in.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting