Chapter 18. Firewalling

Table of Contents

1. Firewalling using netfilter6
1.1. More information
2. Preparation
2.1. Get sources
2.2. Extract sources
2.3. Apply latest iptables/IPv6-related patches to kernel source
2.4. Configure, build and install new kernel
2.5. Rebuild and install binaries of iptables
3. Usage of ip6tables
3.1. Check for support
3.2. Learn how to use ip6tables
3.3. Examples
4. Network Address Translation (NAT) using netfilter6
4.1. IPv6 Masquerading
4.2. IPv6 Destination NAT
4.3. IPv6 Port Forwarding
5. Firewalling using nftables
5.1. Preparation for nftables usage
5.2. Basic nftables configuration
5.3. Simple filter policy with nftables using only table “inet”
5.4. Filter policy with nftables using tables “ip”, “ip6” and “inet”

IPv6 firewalling is important, especially if using IPv6 on internal networks with global IPv6 addresses. Because unlike at IPv4 networks where in common internal hosts are protected automatically using private IPv4 addresses like RFC 1918 / Address Allocation for Private Internets or Automatic Private IP Addressing (APIPA)Google search for Microsoft + APIPA, in IPv6 normally global addresses are used and someone with IPv6 connectivity can reach all internal IPv6 enabled nodes.