Router:Linux - Debian: Difference between revisions
m (Even more formatting fixes...) |
m (Even more formatting fixes (still)) |
iptables -t nat -X
iptables -t mangle -X
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed
# but allow outbound traffic by default
ip6tables -F
ip6tables -X
# set up default IPv6 policies
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules
apt-get install iptables-persistent
systemctl enable netfilter-persistent
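Review bot: The persistence step that closes this section (`apt-get install iptables-persistent`) captures the ruleset only once, when the package is first installed and the prompt is answered YES, so any rule added or changed later is lost at the next reboot unless it is saved again. A comment next to it such as `# after any later rule change, re-save with: netfilter-persistent save` would make that explicit. If the package is already installed, the prompt never appears and the same save command is the only way to persist the rules. As a smaller style point, the WAN -> LAN rule uses `-m state --state RELATED,ESTABLISHED`, which is the legacy spelling of `-m conntrack --ctstate RELATED,ESTABLISHED`. The same lines repeat in the "A block of IPv4 addresses" section further down, and the rules between the visible lines are not shown in this diff view.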
== A block of IPv4 addresses ==
iptables -t nat -F
iptables -t mangle -F
iptables -t filter -X
iptables -t nat -X
iptables -t mangle -X
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed
# but allow outbound traffic by default
ip6tables -F
ip6tables -X
# set up default IPv6 policies
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules
apt-get install iptables-persistent
systemctl enable netfilter-persistent
= Appendicies =