This document discusses IP6TABLES in Linux. It begins with explaining what a firewall and IPTABLES are. It then covers installing and configuring IP6TABLES, including setting up an Apache server. Various IP6TABLES commands and operations are described. The document also provides examples of allowing and blocking inbound and outbound traffic and services. It concludes with saving IP6TABLES rules and preventing denial of service attacks.

1. IP6TABLES IN LINUX
Mandeep Singh
M.Tech (IS)
1

2. TABLE OF CONTENTS
• What is firewall
• What is iptables
• Installing ip6tables
• ip6tables Configuration
• Apache Server Installation and Configuration.
• Blocking Inbound IP services
• Blocking Outbound IP services
• Blocking all traffic
• Prevent DoS attack
• Conclusion
• References
2

3. What is a Firewall?
• Hardware, software, or a combination of both
• prevent unauthorized accessing of private network.
• Protects the resources from users of other networks.
3

4. Continue..
• Linux Firewall Programs:
Ipfwadm : Linux kernel 2.0.34
Ipchains : Linux kernel 2.2.
iptables : Linux kernel 2.4. & above
4

5. What is IPTABLES?
Modified firewall package in linux OS.
Earlier known as ipchains.
Other improvements are:
improved speed and reliability.
Stateful packet inspection.
Filter packets based on TCP header and MAC address.
Better network address translation.
Rate limiting feature blocks DoS attacks.
5

6. Installing ip6tables
•In most Linux installs ip6tables by default.
•Procedure to verify installation of ip6tables in Redhat.
Open terminal and type the following command:
[root@localhost ~]#sudo info ip6tables
For the installation of IP6TABLES:
[root@localhost ~]#apt-get install ip6tables
6

7. 7
 To stop
[root@localhost ~]# sudo service ufw stop
ufw stop/waiting
 To start
[root@localhost ~]# sudo service ufw start
ufw start/running
Start/Stop ip6tables services

8. IP6TABLES Command Switch Operations
IP table command
switch
Description
-t <table> Table is of three types: filter, nat,
mangle. By default filter table is
selected.
-j <target> Packet matches current rule, jump to
specified chain.
-A Append Rule to the End of chain.
-F Delete all rules in selected table.
-p <protocol-type> Match protocol, icmp, tcp, udp, all.

9. Continue
-s <ip- address> Match source ip- address.
-d <ip- address> Match destination ip- address.
-i <interface- name> Match “input” where packet enters.
-o <interface-name> Match “output” on which packet exits.

10. Targets And Jumps
• Firewall rule inspects IP packet and identifies it as the
target.
• After target identification, the packet needs to jump over
it.
By default, ip6tables allows four targets:
 ACCEPT
 REJECT
 DROP
 LOG
11

11. Check the ip6tables rules list:

12. Allowing Established Sessions:
We can allow established sessions to receive traffic:
[root@localhost ~]# sudo ip6tables -A INPUT -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
[root@localhost ~]# sudo ip6tables -A INPUT -m state
--state ESTABLISHED,RELATED -j ACCEPT

13. Continue..

14. Allowing Incoming Traffic on Specific Ports
Define default SSh port no. for ip6tables to allow all TCP
traffic to come to that port.
sudo ip6tables -A INPUT -p tcp --dport ssh -j ACCEPT
The above link explains:
1.append this rule to the input chain (-A INPUT) to look at incoming
traffic
2. check to see if it is TCP (-p tcp).
3.check if the input goes to the SSH port (--dport ssh).
4. if so, accept the input (-j ACCEPT).

15. Continue..

16. sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
Allow all incoming web traffic:

17. INSTALL APACHE2 SERVER
To install apache, open terminal and run these
commands:
#sudo apt-get update
#sudo apt-get install apache2

18. Configuration of Apache2 server for IPv6

19. Ping to IPv6

20. Blocking an Inbound IP Service
Initially we on Ubuntu and run server at http//[::1]/

21. Continue..
• To drop any fragments going to 0:0:0:0::1
[root@localhost ~]#ip6tables -I INPUT -s 0:0:0:0::1 -j DROP

22. Continue..

23. Blocking an Outbound IP Service
• Make the LAN connection & check connectivity

24. Continue..

25. Continue..
• Rule to block the outbound service:

26. Continue..

27. Blocking Traffic
Once a decision is made to accept a packet, no more rules affect
it.
Rules allowing ssh and web traffic come first,
Rule to block all traffic comes next, thus maximum traffic
can be accepted.
At the end, rule is defined to block the traffic.

28. Continue..

29. Saving IP6TABLES
Save your firewall rules to a file
#sudo sh -c "ip6tables-save > /etc/ip6tables.rules"

30. Continue..

31. Prevent DoS Attack:
To prevent the DoS attack on webserver
# ip6tables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute
--limit-burst 100 -j ACCEPT
m limit: to limit IP6TABLES extension
limit 25/minute: maximum of 25 connections per minute.
limit-burst 100: the limit/minute will be enforced only after
limit-burst level is reached.
32

32. Conclusion
Different services can be maintained i.e. firewall, routing,
natting, logging
To Block some types of DoS attacks with the help of rules
implementation.
33

33. References
[1]. https://help.ubuntu.com/community/IptablesHowTo
[2]. https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
[3]. http://www.netfilter.org/documentation/HOWTO/packet-filtering-
HOWTO.html
[4]. http://www.netfilter.org/documentation/
[5]. http://linux.die.net/man/8/ip6tables
[6]. https://www.hscripts.com/tutorials/linux-services/ip6tables.html

34. Thank You!!!