Originally posted by lly:
I'm going to hardcode the following IPv6 firewall rules into rc:
Code:
# Disable processing of any RH0 packet
ip6tables -A INPUT   -m rt --rt-type 0 -j DROP
ip6tables -A OUTPUT  -m rt --rt-type 0 -j DROP
ip6tables -A FORWARD -m rt --rt-type 0 -j DROP


ip6tables -A INPUT   -t filter -i lo -j ACCEPT
ip6tables -A OUTPUT  -t filter -o lo -j ACCEPT
ip6tables -A FORWARD -t filter -o lo -j ACCEPT

ip6tables -A OUTPUT -o sixtun -j ACCEPT

ip6tables -A OUTPUT -o br0 -j ACCEPT
ip6tables -A INPUT  -i br0 -j ACCEPT

# Allow ICMP (conditional?)
ip6tables -A INPUT   -p icmpv6 -j ACCEPT
ip6tables -A OUTPUT  -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -j ACCEPT

# Allow Link-Local addresses
ip6tables -A INPUT  -s fe80::/10 -j ACCEPT
ip6tables -A OUTPUT -s fe80::/10 -j ACCEPT
 
# Allow multicast
ip6tables -A INPUT  -s ff00::/8 -j ACCEPT
ip6tables -A OUTPUT -s ff00::/8 -j ACCEPT
kamil - is it OK for the first step?
Yes, but I don't see a default policy.

PS: I tested the scripts in VirtualBox and the rescuecd ISO - http://rescuecd.pld-linux.org/downlo...RCDx86_297.iso
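
The point raised in the reply, a missing default policy, can be checked mechanically. The following is an added example, not part of the original thread: it reads `ip6tables-save` output and reports every built-in chain still left at policy ACCEPT, where the `-j ACCEPT` rules change nothing. The function name `audit_policies` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed, abridged sample: roughly what `ip6tables-save -t filter`
# prints after the quoted rules are loaded while the chain policies are
# still at their ACCEPT default.
SAMPLE_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A FORWARD -m rt --rt-type 0 -j DROP
-A FORWARD -p ipv6-icmp -j ACCEPT
-A OUTPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -o sixtun -j ACCEPT
COMMIT'

# audit_policies (hypothetical helper): reads ip6tables-save text on stdin.
# For each built-in chain whose policy is ACCEPT it prints the chain name
# and how many "-j ACCEPT" rules in that chain the permissive policy makes
# redundant. User-defined chains carry "-" as policy and are not reported.
audit_policies() {
    awk '
        /^:/ {
            chain = substr($1, 2)      # ":INPUT" -> "INPUT"
            policy[chain] = $2
            order[++n] = chain
            next
        }
        $1 == "-A" && $(NF - 1) == "-j" && $NF == "ACCEPT" { accepts[$2]++ }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (policy[c] == "ACCEPT")
                    printf "%s policy=ACCEPT redundant_accept_rules=%d\n", c, accepts[c]
            }
        }'
}

# Run against the constructed sample; on a live system pipe in
# `ip6tables-save -t filter` instead.
printf '%s\n' "$SAMPLE_RULESET" | audit_policies
```

An empty result means every built-in chain already has a non-ACCEPT policy.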