The next-generation Internet Protocol, called IPv6, expands beyond the
32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses,
so IPv6-aware carrier networks can address a larger number of routable
addresses than IPv4 networks.
Red Hat Enterprise Linux supports IPv6 firewall rules using the
Netfilter 6 subsystem and the ip6tables command. The first step in using
ip6tables is to start the ip6tables service. This can be done with the
command:
Warning: The iptables services must be turned off to use the ip6tables
service exclusively:

    service iptables stop
    chkconfig iptables off

To make ip6tables start by default whenever the system is booted, change
the runlevel status on the service using chkconfig.

    chkconfig --level 345 ip6tables on

The syntax is identical to iptables in every aspect except that
ip6tables supports 128-bit addresses. For example, SSH connections on an
IPv6-aware network server can be enabled with the following rule:

    ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT

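The rule above admits SSH from a single source address. The following check is an added example, not part of the original guide: it reads a ruleset in ip6tables-save format and reports INPUT rules that accept TCP port 22 without that source restriction. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ip6tables-save text for SSH ACCEPT rules that,
# unlike the guide's rule, are not limited to a source address.

# Constructed sample in ip6tables-save format (not captured from a real host).
# The first INPUT rule is the guide's rule as ip6tables-save prints it.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 3ffe:ffff:100::1/128 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s ::/0 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Reads ip6tables-save text on stdin and prints every INPUT rule that
# ACCEPTs TCP port 22 from any source. Exit status is 1 if one is found.
# Limitation: only a plain -s option and an exact "--dport 22" are parsed;
# negated sources, port ranges and multiport matches are not.
find_open_ssh_rules() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            src = ""; dport = ""; proto = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && dport == "22" && target == "ACCEPT" &&
                (src == "" || src == "::/0")) { print; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Stand-alone run against the constructed sample.
sample_ruleset | find_open_ssh_rules || echo "unrestricted SSH rule(s) found" >&2
```

On a live system the input would be the output of ip6tables-save, run as root, in place of sample_ruleset.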
For more information about IPv6 networking, refer to the IPv6
Information Page at https://www.ipv6.org/.