nanog mailing list archives

Re: IPv6 gateway, was: Re: IPv6 foot-dragging

From: Owen DeLong <owen () delong com>
Date: Fri, 13 May 2011 14:46:42 -0700


On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:

Jeroen van Aart wrote:

-I FORWARD -i eth0 -s 2001:db8::/64 -j ACCEPT
-I FORWARD -i eth1 -d 2001:db8::/64 -j ACCEPT


Just in case if anyone'd be using it as an example. It's a good idea to make your rules more restrictive.

Something like:
-I FORWARD -j DROP
-I FORWARD -s 2001:db8::/64 -j ACCEPT
-I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT


I thought iptables processed rules in order until it found a match. In such a case, wouldn't
you want those in the reverse order?

Owen

Current thread:

IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
  - Re: IPv6 gateway, was: Re: IPv6 foot-dragging Owen DeLong (May 13)
    - Re: IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
    - Re: IPv6 gateway, was: Re: IPv6 foot-dragging Owen DeLong (May 13)
  - Re: IPv6 gateway, was: Re: IPv6 foot-dragging Todd Lyons (May 16)
    - Re: IPv6 gateway, was: Re: IPv6 foot-dragging Erik Muller (May 17)