Ip6tables default rules not allowing ICMPv6 pings

#1 Fri, 10/28/2016 - 13:37
scotwnw

Edit: ignore or delete thread. Must have been another issue on my end as now default firewall works as it should even without the line I added.

On Ubuntu 12.04 and 14.04. Webmin version 1.821. Recently switched from manual IP6tables to the Webmin module for handling IP6tables. Seems the default ICMPV6 ping protocols do not allow pings or access to any open ports. I had to add rule "If protocol is ICMPV6 and rate is less than 10/second". The 10/less per sec was just a precaution till I figure out what's wrong. But the main issue, nothing gets in without allowing all ICMPv6. I've reset to default many times. Cleared all ip6tables manually. Then reset to the default for hosting. Doesn't work unless I allow all ICMPv6. Is this an error or am I missing something?

Here's my slightly modified rules.

Accept  If input interface is not br0       
Accept  If protocol is TCP and TCP flags ACK (of ACK) are set       
Accept  If state of connection is ESTABLISHED       
Accept  If state of connection is RELATED       
Accept  If protocol is UDP and destination port is 1024:65535 and source port is 53         
Accept  If protocol is ICMPV6 and rate is less than 10/second   ---------------------------- THIS HAD TO BE ADDED, also voids all ICMPv6 lines below.       
Accept  If protocol is ICMPV6 and ICMP type is echo-request         
Accept  If protocol is ICMPV6 and ICMP type is echo-reply       
Accept  If protocol is ICMPV6 and ICMP type is destination-unreachable      
Accept  If protocol is ICMPV6 and ICMP type is packet-too-big       
Accept  If protocol is ICMPV6 and ICMP type is time-exceeded        
Accept  If protocol is ICMPV6 and ICMP type is parameter-problem        
Accept  If protocol is TCP and destination port is 225      
Accept  If protocol is TCP and destination port is auth         
Accept  If protocol is TCP and destination port is 53       
Accept  If protocol is UDP and destination port is 53       
Accept  If protocol is TCP and destination port is 80       
Accept  If protocol is TCP and destination port is 443      
Accept  If protocol is TCP and destination ports are 25,587,465         
Accept  If protocol is TCP and destination ports are 143,993        
Accept  If protocol is TCP and destination port is 522:532      
Accept  If protocol is TCP and destination port is 20000
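
An added example, not part of the original post or of Webmin: a first-match walk over the ICMPv6 rules listed above, showing which rule accepts a packet while the 10/second rate is respected and once it is exceeded. Assumptions: the `ip6tables-save` style lines are a constructed rendering of the listed rules, only the ICMPv6 rules are modelled (a new packet arriving on br0), the chain policy is DROP, and the limit match is reduced to an under/over flag.

```python
import shlex

# Constructed ip6tables-save style rendering of the ICMPv6 rules listed in
# the post (an assumption: Webmin's saved rule file is not shown on the page).
RULES = """\
-A INPUT -p ipv6-icmp -m limit --limit 10/second -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-reply -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type packet-too-big -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type time-exceeded -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type parameter-problem -j ACCEPT
""".splitlines()

def parse(line):
    """Pull out the fields this walk needs from one rule line."""
    tok = shlex.split(line)
    opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
    return {"proto": opt("-p"), "type": opt("--icmpv6-type"),
            "limited": "--limit" in tok, "target": opt("-j")}

def first_match(rules, icmp_type, under_limit, policy="DROP"):
    """Return (rule_number, target) of the first rule an ICMPv6 packet of
    icmp_type hits; rule_number 0 means the chain policy (assumed DROP)."""
    for n, rule in enumerate(map(parse, rules), start=1):
        if rule["proto"] != "ipv6-icmp":
            continue
        if rule["type"] not in (None, icmp_type):
            continue
        if rule["limited"] and not under_limit:
            continue  # limit match fails once the rate is exceeded: fall through
        return n, rule["target"]
    return 0, policy

def report(rules, types):
    """Map each type to its verdict under and over the 10/second rate."""
    return {t: {"under": first_match(rules, t, True),
                "over": first_match(rules, t, False)} for t in types}

if __name__ == "__main__":
    for t, v in report(RULES, ["echo-request", "neighbour-solicitation"]).items():
        print(f"{t:24} under-limit={v['under']} over-limit={v['over']}")
```

Under these assumptions the rate-limited rule takes every ICMPv6 packet while the rate holds; above the rate, the six listed types are still accepted by their own rules, and only types without a per-type rule reach the chain policy.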