batrick / ceph-linode

Launch Ceph using the Linode VPS provider
GNU General Public License v3.0

iptables.yml: Enable default ipv6 firewall #67

Open ajarr opened 2 years ago

ajarr commented 2 years ago

Jeff Layton suggested that we enable default IPv6 firewall with iptables

Currently in hosts set up by ceph linode, I see no IPv6 rules

```
# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

After Jeff's suggestion,


```
# systemctl enable ip6tables
# systemctl start ip6tables
# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all      anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     ipv6-icmp    anywhere             anywhere
ACCEPT     all      anywhere             anywhere
ACCEPT     tcp      anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     udp      anywhere             fe80::/64            udp dpt:dhcpv6-client state NEW
REJECT     all      anywhere             anywhere             reject-with icmp6-adm-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all      anywhere             anywhere             reject-with icmp6-adm-prohibited
```
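Added example, not part of the issue or of ceph-linode's own code: a shell check that reads `ip6tables -L` output and names the INPUT/FORWARD chains that still accept all traffic by default, which is the difference between the two listings above. The function name `open_ipv6_chains` is hypothetical, and the sample input is the issue's listings, trimmed.

```shell
#!/bin/sh
# Prints each INPUT/FORWARD chain from `ip6tables -L` output (stdin) that has
# policy ACCEPT and does not end in a catch-all REJECT/DROP rule.
# Caveat: without -v, -L hides interface matches, so "catch-all" here means
# "no restriction visible in this listing".
open_ipv6_chains() {   # hypothetical helper name
    awk '
        function report() {
            if ((chain == "INPUT" || chain == "FORWARD") && policy == "ACCEPT" && !closed)
                print chain
        }
        /^Chain / {
            report()
            chain = $2; policy = $4; sub(/\)$/, "", policy); closed = 0
            next
        }
        /^target/ || NF == 0 { next }
        {
            anyany = ($2 == "all" && $3 == "anywhere" && $4 == "anywhere")
            drop   = ($1 == "DROP" && NF == 4)
            reject = ($1 == "REJECT" && (NF == 4 || $5 == "reject-with"))
            # closed is overwritten per rule, so it ends up describing the last rule.
            closed = (anyany && (drop || reject))
        }
        END { report() }
    '
}

# Sample input: the two listings from the issue, trimmed to INPUT/FORWARD.
BEFORE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination'

AFTER='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all      anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp      anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all      anywhere             anywhere             reject-with icmp6-adm-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all      anywhere             anywhere             reject-with icmp6-adm-prohibited'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | open_ipv6_chains | tr '\n' ' ')"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | open_ipv6_chains | tr '\n' ' ')"
```

On a live host, pipe `ip6tables -L` into the function; empty output means both chains end in a catch-all REJECT or DROP, or have a non-ACCEPT policy.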
batrick commented 1 year ago

Sounds good, want to make the change @ajarr?