IPv6 gateway, was: Re: IPv6 foot-dragging

Owen DeLong owen at delong.com
Fri May 13 21:46:42 UTC 2011


On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:

> Jeroen van Aart wrote:
>> -I FORWARD -i eth0 -s 2001:db8::/64 -j ACCEPT
>> -I FORWARD -i eth1 -d 2001:db8::/64 -j ACCEPT
> 
> Just in case anyone'd be using it as an example. It's a good idea to make your rules more restrictive.
> 
> Something like:
> -I FORWARD -j DROP
> -I FORWARD -s 2001:db8::/64 -j ACCEPT
> -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> 

I thought iptables processed rules in order until it found a match. In such a case, wouldn't
you want those in the reverse order?

Owen
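
The ordering question in this exchange can be checked with a small model, added here as an example and not part of the original messages: `-I` with no rule number inserts at the top of the chain, so the last rule typed is evaluated first, while `-A` appends. The parser covers only the options seen in the thread; the test packet addresses and the ACCEPT chain policy are assumptions.

```python
import ipaddress
import shlex

def parse(line):
    """Parse the subset of rule syntax used in the thread: -s, -m state --state, -j."""
    tok = shlex.split(line)
    opts = dict(zip(tok[2::2], tok[3::2]))  # options come as flag/value pairs
    return {
        "op": tok[0],
        "src": ipaddress.ip_network(opts["-s"]) if "-s" in opts else None,
        "states": set(opts["--state"].split(",")) if "--state" in opts else None,
        "target": opts["-j"],
    }

def build_chain(lines):
    """Apply the commands in the order typed and return the resulting chain."""
    chain = []
    for line in lines:
        rule = parse(line)
        if rule["op"] == "-I":
            chain.insert(0, rule)  # -I without a rule number inserts at position 1
        elif rule["op"] == "-A":
            chain.append(rule)     # -A appends to the end
        else:
            raise ValueError(f"unsupported operation: {rule['op']}")
    return chain

def verdict(chain, src, state, policy="ACCEPT"):
    """First matching rule wins; the chain policy (assumed) applies otherwise."""
    addr = ipaddress.ip_address(src)
    for rule in chain:
        if rule["src"] is not None and addr not in rule["src"]:
            continue
        if rule["states"] is not None and state not in rule["states"]:
            continue
        return rule["target"]
    return policy

# The three rules from the quoted message, in the order they were typed.
TYPED = [
    "-I FORWARD -j DROP",
    "-I FORWARD -s 2001:db8::/64 -j ACCEPT",
    "-I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
]
AS_INSERTED = build_chain(TYPED)
AS_APPENDED = build_chain([l.replace("-I", "-A", 1) for l in TYPED])
if __name__ == "__main__":
    for name, chain in (("-I", AS_INSERTED), ("-A", AS_APPENDED)):
        # 2001:db8::10 is a constructed inside host sending a NEW packet
        print(name, [r["target"] for r in chain], verdict(chain, "2001:db8::10", "NEW"))
```

On a live system, `ip6tables -L FORWARD -n --line-numbers` shows the order the kernel will actually evaluate.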




