I want to drop ALL the IPv4 traffic on a certain port and only allow IPv6 traffic with iptables. Is it possible? If so, how?
0
- You should be setting your chain policies to default to drop. So all you have to do is not add a rule to permit traffic. If you already have a complex rule set, then you might need to tell us what rules you currently have, so we can tell you what to add, and where. – Zoredache Jun 28 '12 at 18:37
- When you say port, do you mean an Ethernet port, or a protocol port (please specify TCP or UDP)? – Mike Pennington Jun 28 '12 at 18:47
2 Answers
7
You can't do this directly with just iptables as it only controls IPv4. To interact with netfilter for IPv6 you have to use the ip6tables command. To block the IPv4 port just use iptables as you would normally, e.g.
iptables -I INPUT -p tcp --dport 80 -j DROP
To open the IPv6 port use ip6tables e.g.
ip6tables -I INPUT -p tcp --dport 80 -j ACCEPT

user9517
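A check for the two commands above, as an added example that is not part of the original answer: it reads `iptables -S INPUT` / `ip6tables -S INPUT` style text and reports the first matching verdict for a port, which shows why the rules are inserted with `-I` rather than appended. The function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). Reads `iptables -S INPUT` or
# `ip6tables -S INPUT` style text on stdin and prints the verdict for new TCP
# traffic to PORT: the first matching terminal rule wins, else the chain policy.
# Simplification: rules carrying any match other than "-p tcp --dport PORT"
# (source, interface, conntrack state, port ranges ...) are skipped.
verdict() {  # usage: verdict PORT < rules
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" && !found {
      target = ""; proto = ""; dport = ""; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }       # target options follow
        else if ($i == "-p") { i++; proto = $i }
        else if ($i == "--dport") { i++; dport = $i }
        else if ($i == "-m" && $(i + 1) == proto) { i++ }  # implicit "-m tcp"
        else { other = 1 }
      }
      if (other || (proto != "" && proto != "tcp")) next
      if (dport != "" && dport != port) next
      if (target ~ /^(ACCEPT|DROP|REJECT)$/) { found = 1; result = target }
    }
    END { print (found ? result : policy) }
  '
}

# True when IPv4 is refused and IPv6 is accepted on PORT.
v6_only() {  # usage: v6_only PORT "$v4_rules" "$v6_rules"
  v4=$(printf '%s\n' "$2" | verdict "$1")
  v6=$(printf '%s\n' "$3" | verdict "$1")
  [ "$v4" != ACCEPT ] && [ "$v6" = ACCEPT ]
}

# Constructed sample rule sets (not captured from a real host).
V4_INSERTED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
V4_APPENDED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'
V6_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

v6_only 80 "$V4_INSERTED" "$V6_RULES" && echo "port 80: IPv6 only"
v6_only 80 "$V4_APPENDED" "$V6_RULES" || echo "port 80: IPv4 still accepted (DROP sits below an ACCEPT)"
```

On a live host, feed it with `iptables -S INPUT | verdict 80` and `ip6tables -S INPUT | verdict 80`.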
2
Presumably the best way to block all IPv4 traffic is not to have an IPv4 address on the port; I'm not sure why iptables would be needed to drop all IPv4 traffic.

Mike Pennington
- You could conceivably want to do something like this for testing purposes. – user9517 Jun 28 '12 at 18:51
- Or you want to still be able to ssh access the server because your personal network only supports ipv4 – frazras Oct 16 '17 at 19:10