= phenomenon = ipv6 is already enabled in the data centers of some of our systems. ibiblio in particular is already assigning globally reachable IPv6 addresses to our xen hosts and guests there. But there are no ip6tables in place to filter any possible traffic. = reason = need equivalent filters as on ipv4 = recommendation = add equivalent filters as on ipv4
Accepting ticket
I have made a ip6tables file translated from the original iptables file working on publictest8. I have found that the translation from IPv4 to IPv6 is easy but hard to work by hand (calculating and replacing), so I'll try to write a little program to make the translation/conversion. By now, I have only one big doubt: on ip6tables does't exist the "icmp-host-prohibited" option so i am using the "icmp6-adm-prohibited".
ipv6tables is now running on publictest8 for doing some tests.
Hey, sorry - I didn't know this was being worked on, so I added ip6tables everywhere earlier today (I was in kind of a rush to do so since some of our services were completely open via ipv6, and I didn't want to take any chances).
Login to comment on this ticket.