如何编写 iptables 规则来接受某些 ICMPv6 类型和代码?

tag-icon tag-icon iptables
如何编写 iptables 规则来接受某些 ICMPv6 类型和代码?

我目前有以下情况:

ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 129 -j ACCEPT

对于 ICMPv6 类型 3,我只想接受代码 0。

对于 ICMPv6 类型 4,我只想接受代码 1 和 2。

这是基于RFC 4890

答案1

iptables-extensions(8) 的手册页如下:

   icmp6 (IPv6-specific)
       This extension can be used if  `--protocol  ipv6-icmp'  or  `--protocol
       icmpv6' is specified. It provides the following option:

       [!] --icmpv6-type type[/code]|typename
              This  allows  specification  of  the ICMPv6 type, which can be a
              numeric ICMPv6 type, type and code, or one of  the  ICMPv6  type
              names shown by the command
               ip6tables -p ipv6-icmp -h

相关内容