The next-generation Internet Protocol, called IPv6, expands beyond the
32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, so
carrier networks that are IPv6 aware can address a larger number of
routable addresses than IPv4.
Red Hat Enterprise Linux supports IPv6 firewall rules using the
Netfilter 6 subsystem and the ip6tables command. The first step in using
ip6tables is to start the ip6tables service. This can be done with the
command:
Warning: The iptables services must be turned off to use the ip6tables
service exclusively:
service iptables stop
chkconfig iptables off
To make ip6tables start by default
whenever the system is booted, change the runlevel status on the
service using chkconfig.
chkconfig --level 345 ip6tables on
The syntax is identical to iptables in every aspect except that
ip6tables supports 128-bit addresses. For example, SSH connections on an
IPv6-aware network server can be enabled with the following rule:
ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT
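On its own, the ACCEPT rule above restricts nothing while the INPUT policy is ACCEPT, because every other source can still reach port 22. The following added example (not part of the original Red Hat text) prints that rule together with a matching DROP rule after a rough check that the source really is an IPv6 address; the function names `is_ipv6_source` and `ssh6_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: print ip6tables commands that limit SSH to one IPv6 source.
# Nothing is applied here; pipe the output to `sh` as root to load the rules.

# is_ipv6_source ADDR[/PREFIX]
# Rough sanity check: hex digits and colons, optional prefix length 0-128.
# Not a full IPv6 parser (dotted IPv4-mapped forms are rejected);
# ip6tables itself performs the final validation.
is_ipv6_source() {
    addr=${1%%/*}
    case $1 in
        */*) plen=${1#*/} ;;
        *)   plen=128 ;;
    esac
    case $addr in
        *:*) ;;                       # an IPv6 address has at least one colon
        *)   return 1 ;;              # e.g. an IPv4 address passed by mistake
    esac
    case $addr in
        *[!0-9A-Fa-f:]*) return 1 ;;  # anything but hex digits and colons
    esac
    case $plen in
        ''|*[!0-9]*) return 1 ;;      # prefix length must be a number
    esac
    [ "$plen" -le 128 ]
}

# ssh6_rules IFACE SOURCE
# Prints two rules in the order they must be appended to the INPUT chain.
ssh6_rules() {
    iface=$1
    src=$2
    if ! is_ipv6_source "$src"; then
        echo "ssh6_rules: '$src' is not an IPv6 address or prefix" >&2
        return 1
    fi
    # The ACCEPT rule from the page, with interface and source as parameters.
    echo "ip6tables -A INPUT -i $iface -p tcp -s $src --dport 22 -j ACCEPT"
    # Everything else aimed at port 22 on this interface is dropped.
    echo "ip6tables -A INPUT -i $iface -p tcp --dport 22 -j DROP"
}
```

Review the rules with `ssh6_rules eth0 3ffe:ffff:100::1/128` before loading them. Because `-A` appends, the ACCEPT rule is evaluated first, provided no earlier rule in the chain already matches the traffic.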
For more information about IPv6 networking, refer to the IPv6
Information Page at https://www.ipv6.org/.