Chapter 18. Firewalling

Table of Contents
18.1. Firewalling using netfilter6
18.2. Preparation
18.2.1. Get sources
18.2.2. Extract sources
18.2.3. Apply latest iptables/IPv6-related patches to kernel source
18.2.4. Configure, build and install new kernel
18.2.5. Rebuild and install binaries of iptables
18.3. Usage of ip6tables
18.3.1. Check for support
18.3.2. Learn how to use ip6tables
18.3.3. Examples
18.4. Network Address Translation (NAT) using netfilter6
18.4.1. IPv6 Masquerading
18.4.2. IPv6 Destination NAT
18.4.3. IPv6 Port Forwarding
18.5. Firewalling using nftables
18.5.1. Preparation for nftables usage
18.5.2. Basic nftables configuration
18.5.3. Simple filter policy with nftables using only table “inet”
18.5.4. Filter policy with nftables using tables “ip”, “ip6” and “inet”

IPv6 firewalling is important, especially if using IPv6 on internal networks with global IPv6 addresses. Because unlike at IPv4 networks where in common internal hosts are protected automatically using private IPv4 addresses like RFC 1918 / Address Allocation for Private Internets or Automatic Private IP Addressing (APIPA)Google search for Microsoft + APIPA, in IPv6 normally global addresses are used and someone with IPv6 connectivity can reach all internal IPv6 enabled nodes.