Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router:Linux - Debian: Difference between revisions

m
Even more formatting fixes (still)
m (Even more formatting fixes...)
m (Even more formatting fixes (still))
iptables -t nat -X
iptables -t mangle -X
 
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed
# but allow outbound traffic by default
ip6tables -F
ip6tables -X
 
# set up default IPv6 policies
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT
 
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules
apt-get install iptables-persistent
systemctl enable netfilter-persistent
 
== A block of IPv4 addresses ==
iptables -t nat -F
iptables -t mangle -F
 
iptables -t filter -X
iptables -t nat -X
iptables -t mangle -X
 
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed
# but allow outbound traffic by default
ip6tables -F
ip6tables -X
 
# set up default IPv6 policies
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT
 
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules
apt-get install iptables-persistent
systemctl enable netfilter-persistent
 
= Appendicies =
51

edits