--- lartc.db | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lartc.db b/lartc.db index ab12035..472b4be 100644 --- a/lartc.db +++ b/lartc.db @@ -1318,6 +1318,19 @@ Let's discuss this. In the first line, we created a tunnel device called sixbone GRE tunnels are currently the preferred type of tunneling. It's a standard that is also widely adopted outside the Linux community and therefore a Good Thing. </Para> +<Para> +This tunnel for IPv6 over IPv4 transport is not restricted to IPv6 only. So make sure your IPv4 Firewall does not allow any packets originating from the tunnel device: +</Para> + +<Para> +<Screen> +iptables -A INPUT -i sixbone -j LOG --log-prefix 'DROP IPv4 over IPv6 Tunnel ' +iptables -A INPUT -i sixbone -j DROP +iptables -A FORWARD -i sixbone -j LOG --log-prefix 'DROP IPv4 over IPv6 Tunnel ' +iptables -A FORWARD -i sixbone -j DROP +</Screen> +</Para> + </Sect2> </Sect1> -- 1.7.10 -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
