Nohk Two wrote:
On 2023/4/21 15:52, Per Jessen wrote:
Carlos E. R. wrote:
I'm asking how to block external internet in openSUSE, using SuSEfirewall2 or firewalld. On each computer.
ip6tables -A INPUT -p all -s yourpref/64 -j ACCEPT ip6tables -A INPUT -p all -j DROP
This line drops all other IPv6 inputs include the ICMPv6 from the link local address. I don't think this is a good idea.
It's better to ACCEPT the ICMPv6 from the link local address (eg. fe80::/64) and yourprefix(eg. 2a02:1234:5678:abcd::/64) before DROP all others.
I agree. I didn't mean to present an "only-add-water" solution, a complete iptables firewall certainly requires more. Looking at a random machine of my own, it has some 60 iptables rules. -- Per Jessen, Zürich (8.1°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes