project-lakitu/chromeos-base/chromeos-firewall-init-lakitu/files/ip6tables-setup - cos/overlays/board-overlays - Git at Google

 #!/bin/bash
 # Copyright 2015 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 ip6tables -P INPUT DROP -w
 ip6tables -P FORWARD DROP -w
 ip6tables -P OUTPUT DROP -w

 # Accept everything on the loopback
 ip6tables -A INPUT -i lo -j ACCEPT -w
 ip6tables -A OUTPUT -o lo -j ACCEPT -w

 # Accept icmp echo (NB: icmp echo ratelimiting is done by the kernel)
 ip6tables -A INPUT -p icmpv6 -j ACCEPT -w
 ip6tables -A OUTPUT -p icmpv6 -j ACCEPT -w

 # Accept return traffic inbound
 ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -w

 # Accept new and return traffic outbound
 ip6tables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -w

 # Allow DHCPv6 client inbound
 ip6tables -A INPUT -p udp -m udp --dport 546 -j ACCEPT
	#!/bin/bash
	# Copyright 2015 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	ip6tables -P INPUT DROP -w
	ip6tables -P FORWARD DROP -w
	ip6tables -P OUTPUT DROP -w

	# Accept everything on the loopback
	ip6tables -A INPUT -i lo -j ACCEPT -w
	ip6tables -A OUTPUT -o lo -j ACCEPT -w

	# Accept icmp echo (NB: icmp echo ratelimiting is done by the kernel)
	ip6tables -A INPUT -p icmpv6 -j ACCEPT -w
	ip6tables -A OUTPUT -p icmpv6 -j ACCEPT -w

	# Accept return traffic inbound
	ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -w

	# Accept new and return traffic outbound
	ip6tables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -w

	# Allow DHCPv6 client inbound
	ip6tables -A INPUT -p udp -m udp --dport 546 -j ACCEPT