ipv6 firewall?

Karl Auer kauer at biplane.com.au
Wed Jun 10 23:00:21 UTC 2009

On Thu, 2009-06-11 at 00:13 +0200, Tony Asnicar wrote:
> Could that be a security "hole" that the normal iptables is managing
> IPv4? 
> I mean if there's normally IPv6 support on the machine, it could have a
> good firewall over IPv4, but it will not be firewalled under IPv6??

That is correct - IPv6 is a separate protocol, managed, routed and
filtered completely separately from IPv4. Think of it as two doors into
your computer - there's not much point locking only one.

You should either disable IPv6 completely, or filter it at least as well
as you filter IPv4.

If you want to filter IPv6, I can strongly recommend Firewall Builder.
Firewall Builder will let you build a v4/v6 firewall in a
point-and-click fashion. It generates as output a script that issues all
the right iptables and ip6tables commands. With a little additional
scripting you can make the generated output part of your boot sequence.

There's a lot more to it than that, but it's just fine even for a simple
home setup. FOSS of course - a very current project, with a very
responsive developer. It is multiplatform - win/mac/unix.

To the best of my knowledge FWB is the only Linux firewall manager, so
far, that understands both protocols.


Regards, K.

Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
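
The "two doors" point in the message above can be checked mechanically. The script below is an added example, not part of the original message: it compares an IPv4 and an IPv6 ruleset in iptables-save / ip6tables-save format and flags the case where only IPv4 is filtered. The function names and the sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example: does the IPv6 INPUT chain filter at least as well as IPv4's?
# Heuristic: inspects only the filter table's INPUT chain, ignores user chains.

# Prints "filtered" if INPUT has policy DROP or any DROP/REJECT rule, else "open".
input_state() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == ":INPUT" && $2 == "DROP" { f = 1 }
        table == "filter" && $1 == "-A" && $2 == "INPUT" && / -j (DROP|REJECT)/ { f = 1 }
        END { print (f ? "filtered" : "open") }
    ' "$1"
}

# Prints a verdict; returns 1 when IPv4 is filtered but IPv6 is left open.
audit_v6_gap() {
    v4=$(input_state "$1"); v6=$(input_state "$2")
    if [ "$v4" = filtered ] && [ "$v6" = open ]; then
        echo "GAP: IPv4 $v4, IPv6 $v6"; return 1
    fi
    echo "OK: IPv4 $v4, IPv6 $v6"
}

# Constructed sample rulesets, trimmed to the INPUT chain (not from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/v4" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$tmp/v6_open" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
cat > "$tmp/v6_filtered" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
EOF

audit_v6_gap "$tmp/v4" "$tmp/v6_open" || true   # the one-door-locked case
audit_v6_gap "$tmp/v4" "$tmp/v6_filtered"       # both doors locked
```

On a live host the two input files would come from `iptables-save` and `ip6tables-save`, run as root.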