Department of Defense
High Performance Computing Modernization Program

The following references describe the basic steps involved in enabling IPv6 firewalls on some Linux distributions. There are many distributions of Linux, and this article does not attempt to cover them all.

Several distributions of Linux use netfilter/ip6tables to implement a Linux-based firewall. An understanding of iptables and how it configures the netfilter tables residing in the Linux kernel is basic to the use of ip6tables. The syntax of ip6tables is identical to iptables except that ip6tables supports the 128-bit addresses used by IPv6. Many references for iptables are available on netfilter.org. ip6tables is described in detail here. This article provides an overview and examples of ip6tables rules for IPv6.

Among the “user-friendly” frontends developed to make the use of iptables easier, only a few support ip6tables. UncomplicatedFirewall (UFW) and its graphical frontend GUFW do, as does Shorewall6.

The SixXS website (archived circa Sept 2013) describes the use of ip6tables on Ubuntu. It also describes the use of pf, ipfw, and ipf on FreeBSD, and the use of pf on OpenBSD. ipfw is described in more detail here. pf is described in more detail here.

The Utah Center for High Performance Computing website (archived circa Apr 2016) describes the use of ip6tables on Red Hat Enterprise Linux (RHEL) 5 and RHEL 6.

The nixCraft website gives examples of the use of ipv6tables on several Linux distributions, including Debian, Ubuntu, Fedora, and CentOS. It also describes the use of pf on FreeBSD, OpenBSD, and NetBSD.

The above are just a few of the available references describing the basic steps involved in enabling IPv6 on a Linux-based firewall. The organization that supports your Linux distribution is another resource. The man pages for iptables, ip6tables, pf, ipfw, and ipf on your Linux system are also resources.

 

 


Top