21 Apr
2023
21 Apr
'23
08:57
On 2023/4/21 15:52, Per Jessen wrote:
Carlos E. R. wrote:
I'm asking how to block external internet in openSUSE, using SuSEfirewall2 or firewalld. On each computer.
ip6tables -A INPUT -p all -s yourpref/64 -j ACCEPT ip6tables -A INPUT -p all -j DROP This line drops all other IPv6 inputs include the ICMPv6 from the link local address. I don't think this is a good idea.
It's better to ACCEPT the ICMPv6 from the link local address (eg. fe80::/64) and yourprefix(eg. 2a02:1234:5678:abcd::/64) before DROP all others.
That will accept all traffic coming from addresses in your prefix, and drop everything else. There is a couple of more entries needed to allow a machine to have working ipv6 traffic on the internet, if desired.