Converting iptables rules to equivalent ip6tables rules (CentOS 7)

I have the following iptables rules for a CentOS 7 web server. I would like the ip6tables equivalents of them. If any changes are needed between these rules and the ip6tables rules, please let me know:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
(tcp flag NONE packets)

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
(syn attacks, new connection without communication of purpose)

iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
(XMAS packet)

iptables -A INPUT -i lo -j ACCEPT
(allow localhost)

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
(allow port 80)

iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
(allow port 443)

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
(allow ssh at port 22)

iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
(drop pings asking for address)

iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
(drop pings asking for timestamp)

iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/second -j ACCEPT
(allow max 5 pings per second, beyond that, pings will be dropped, to prevent ping flooding)

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
(allow established and once connected connections)

iptables -P OUTPUT ACCEPT
(allow all outgoing packets)

iptables -P INPUT DROP
(disallow all incoming packets, except the ones stated above)
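Added example, not part of the question or of any answer on this page: the ruleset above translated to ip6tables for CentOS 7. The `IP6T` variable and the `ipv6_rules` / `rule_count` functions are this example's own constructs; the script assumes the `-m state` match is available (it is on CentOS 7) and adds the ICMPv6 types that IPv6 itself depends on, for which the IPv4 list has no counterpart.

```shell
#!/bin/sh
# IP6T defaults to "echo" so the script only prints the commands it would run;
# execute it as root with IP6T=ip6tables to apply them.
IP6T="${IP6T:-echo}"

ipv6_rules() {
  # TCP sanity rules: syntax is identical in ip6tables
  $IP6T -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  $IP6T -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
  $IP6T -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
  # loopback and the three service ports: identical
  $IP6T -A INPUT -i lo -j ACCEPT
  for port in 80 443 22; do
    $IP6T -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
  done
  # ICMPv6 has no address-mask-request or timestamp-request types, so the two
  # DROP rules for them have no equivalent and are omitted.
  # Echo request is ICMPv6 type 128 (ICMP type 8 in IPv4); same rate limit,
  # excess pings fall through to the INPUT DROP policy as before.
  $IP6T -A INPUT -p icmpv6 --icmpv6-type 128 -m limit --limit 5/second -j ACCEPT
  # With an INPUT policy of DROP these ICMPv6 types must be allowed explicitly,
  # otherwise neighbour discovery and path-MTU discovery fail and the host
  # loses IPv6 connectivity:
  #   1 destination-unreachable, 2 packet-too-big, 3 time-exceeded,
  #   4 parameter-problem, 133/134 router sol/adv, 135/136 neighbour sol/adv
  for t in 1 2 3 4 133 134 135 136; do
    $IP6T -A INPUT -p icmpv6 --icmpv6-type "$t" -j ACCEPT
  done
  # stateful acceptance, inserted at the top as in the IPv4 list
  $IP6T -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IP6T -P OUTPUT ACCEPT
  $IP6T -P INPUT DROP
}

# number of commands the ruleset produces, computed without applying anything
rule_count() { (IP6T=echo; ipv6_rules) | wc -l | tr -d ' '; }

ipv6_rules
```

The IPv4 `--icmp-type 8` match and the two IPv4-only ICMP types are the only lines that do not carry over verbatim; everything else is a one-for-one rename of the binary.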
