Configure iptables for IPv6

Vanilla-OS · Jan 13, 2025 · df3b49c · df3b49c
1 parent 8f2396b
commit df3b49c
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/includes.container/etc/iptables/rules.v6 b/includes.container/etc/iptables/rules.v6
@@ -0,0 +1,15 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Allow loopback
+-A INPUT -i lo -j ACCEPT
+
+# Allow SSH (Port 22)
+# -A INPUT -p tcp --dport 22 -j ACCEPT
+
+# Allow enstabilished and related connections
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+COMMIT
diff --git a/includes.container/usr/systemd/system/ip6tables.service b/includes.container/usr/systemd/system/ip6tables.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=ip6tables firewall rules
+DefaultDependencies=no
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip6tables-restore /etc/iptables/rules.v6
+ExecReload=/sbin/ip6tables-restore /etc/iptables/rules.v6
+ExecStop=/sbin/ip6tables-save > /etc/iptables/rules.v6
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/modules/91-iptables.yml b/modules/91-iptables.yml
@@ -8,3 +8,7 @@ modules:
     type: shell
     commands:
       - ln -s /usr/lib/systemd/system/iptables.service /etc/systemd/system/multi-user.target.wants/iptables.service
+  - name: enable-ip6tables-systemd-unit
+    type: shell
+    commands:
+      - ln -s /usr/lib/systemd/system/ip6tables.service /etc/systemd/system/multi-user.target.wants/iptables.service