Open ajarr opened 2 years ago
Jeff Layton suggested that we enable default IPv6 firewall with iptables
Currently in hosts set up by ceph linode, I see no IPv6 rules
```
# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
After Jeff's suggestion,
```
# systemctl enable ip6tables
# systemctl start ip6tables
# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all      anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     ipv6-icmp    anywhere             anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     tcp      anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     udp      anywhere             fe80::/64            udp dpt:dhcpv6-client state NEW
REJECT     all      anywhere             anywhere             reject-with icmp6-adm-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all      anywhere             anywhere             reject-with icmp6-adm-prohibited
```
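A check for the condition this issue describes, as an added example that is not part of the original issue or the project's code: it reads `ip6tables -L` output and lists chains whose policy is ACCEPT and whose last rule is not a catch-all REJECT/DROP. The function names and the shortened sample listings are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the issue. Reads `ip6tables -L` text on stdin and
# prints every built-in chain that is default-open: policy ACCEPT and no
# closing catch-all REJECT/DROP as its last rule.
open_chains() {
    awk '
    function report() {
        if (chain != "" && policy == "ACCEPT" && !closed) print chain
    }
    /^Chain / {
        report()
        chain = $2; policy = $4; sub(/\)$/, "", policy); closed = 0
        next
    }
    $1 == "target" || NF == 0 { next }
    {
        # iptables prints "--" in the opt column; ip6tables leaves it blank.
        s = ($3 == "--") ? 4 : 3
        catchall = ($2 == "all" && $s == "anywhere" && $(s+1) == "anywhere" &&
                    (NF == s+1 || $(s+2) == "reject-with"))
        # Overwritten per rule, so at report() time it describes the last rule.
        closed = (catchall && ($1 == "REJECT" || $1 == "DROP"))
    }
    END { report() }
    '
}

# Constructed sample inputs, shortened from the two listings in the issue.
sample_before() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}
sample_after() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
EOF
}
```

On a host, run it as `ip6tables -L | open_chains`; a chain with no rules at all, such as an unfiltered OUTPUT, is reported too. Because `-L` without `-v` hides interface matches, the check does not try to judge broad ACCEPT lines earlier in a chain.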
Sounds good, want to make the change @ajarr?