Jan 02 2013
 

For those using IPv6, you will likely also want to set up ip6tables rules similar to the iptables rules you use for IPv4 traffic. There are a few small differences between the two, and this post points out a couple of them.

I have a very basic iptables template that looks like the following.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# allow incoming ssh connections
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# reject everything else
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Here is the equivalent ip6tables template.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# allow incoming ssh connections
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# reject everything else
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT

Here you can see that the icmp protocol is referred to as ipv6-icmp in ip6tables. Also, there is no icmp-host-prohibited reject type; the IPv6 equivalent is icmp6-adm-prohibited. Note that the ipv6-icmp accept rule matters more than its IPv4 counterpart: IPv6 depends on ICMPv6 for neighbor discovery and path MTU discovery, so rejecting it breaks basic connectivity rather than just hiding the host from ping. These are the only two differences I have encountered (so far). Please feel free to leave a list of more in the comments and I will update the post.
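As an added example (not code from the original post), the following script applies the two substitutions described above to an iptables-save dump and produces the ip6tables-save equivalent, while flagging rules that cannot be carried over mechanically. The IPv4 template embedded in it is the one from this post; the option names checked for address literals, the `--icmp-type` warning and the warning wording are assumptions of this example rather than anything the post states.

```python
"""Translate an iptables-save (IPv4) ruleset into ip6tables-save form.

Added example, not code from the original post. It applies the two
substitutions the post describes (icmp -> ipv6-icmp and
icmp-host-prohibited -> icmp6-adm-prohibited) and flags rules that
need a human to look at them: matches on IPv4 address literals,
--icmp-type matches, and icmp-* reject types with no known mapping.
"""
import ipaddress

# The two differences the post points out.
PROTO_MAP = {"icmp": "ipv6-icmp"}
REJECT_MAP = {"icmp-host-prohibited": "icmp6-adm-prohibited"}

# Options whose argument is an address (assumed list for this example).
ADDR_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

# The post's IPv4 template, embedded here as sample input.
IPV4_TEMPLATE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# allow incoming ssh connections
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# reject everything else
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def translate_rule(rule):
    """Translate one '-A ...' rule line.

    Returns (rule6, warning); warning is None when the rule carried over
    cleanly, otherwise a short explanation of what needs manual review.
    """
    tokens = rule.split()
    out = []
    warning = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        arg = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "-p" and arg is not None:
            out += [tok, PROTO_MAP.get(arg, arg)]
            i += 2
        elif tok == "--reject-with" and arg is not None:
            if arg in REJECT_MAP:
                out += [tok, REJECT_MAP[arg]]
            elif arg.startswith("icmp-"):
                # An ICMPv4 reject type this example does not know how to map.
                warning = "no known IPv6 equivalent for --reject-with %s" % arg
                out += [tok, arg]
            else:
                out += [tok, arg]  # e.g. tcp-reset is valid for both families
            i += 2
        elif tok in ADDR_OPTS and arg is not None:
            try:
                net = ipaddress.ip_network(arg.lstrip("!"), strict=False)
            except ValueError:
                net = None  # not a literal (e.g. a hostname); leave it alone
            if net is not None and net.version == 4:
                warning = "IPv4 address match %s has no IPv6 translation" % arg
            out += [tok, arg]
            i += 2
        elif tok == "--icmp-type":
            # ICMPv6 type names and the match module differ; do not guess.
            warning = "--icmp-type must be rewritten for ICMPv6 by hand"
            out.append(tok)
            i += 1
        else:
            out.append(tok)
            i += 1
    return " ".join(out), warning


def translate_ruleset(text):
    """Translate a whole iptables-save dump.

    Table (*filter), chain (:INPUT ...), comment and COMMIT lines pass
    through unchanged. Returns (text6, warnings) where warnings lists the
    rules that need manual attention, prefixed with their line number.
    """
    lines6 = []
    warnings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith(("-A ", "-I ")):
            rule6, warning = translate_rule(line)
            lines6.append(rule6)
            if warning:
                warnings.append("line %d: %s" % (lineno, warning))
        else:
            lines6.append(line)
    return "\n".join(lines6) + "\n", warnings


if __name__ == "__main__":
    # Constructed extra rule with an IPv4 literal, to show a flagged case.
    sample = IPV4_TEMPLATE.replace(
        "COMMIT", "-A INPUT -s 192.0.2.0/24 -p tcp --dport 80 -j ACCEPT\nCOMMIT")
    text6, warns = translate_ruleset(sample)
    print(text6)
    for w in warns:
        print("WARNING:", w)
```

Run it on a real dump with `iptables-save | python3 translate.py` style plumbing if you like, but review every flagged line before feeding the output to `ip6tables-restore`; the script only automates the two substitutions the post identifies and deliberately refuses to guess at the rest.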

Posted at 20:45
