Having just recently obtained an IPv6 address for my server, I figured it would be a good idea to set up a firewall on the IPv6 address. Although most services are bound to the main IPv4 address only, it doesn’t hurt to be cautious.
The iptables comment module allows you to add a comment of up to 254 characters to any rule. Simply add
-m comment --comment "Your comment here"
to any rule and it will preserve the comment even when using iptables-save to dump the rules.
Unfortunately, I found that there’s no corresponding comment module for ip6tables in CentOS 5.6, so commenting the ruleset had to be done the old-fashioned way – by adding a comment into /etc/sysconfig/ip6tables.
It looks like there is probably a comment module in more recent versions of ip6tables, but unfortunately CentOS 5.6 comes with a version of iptables that is 5 years old.
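The workaround above, as an added example that is not part of the original post: a filter that takes rules in iptables-save format and moves each `-m comment --comment` match onto a preceding `#` line, so the same annotated ruleset can be loaded by an ip6tables build that lacks the comment module. The names `comments_to_hash` and `sample_rules` are hypothetical, the sample rules are constructed, and comments containing escaped quotes are not handled.

```shell
#!/bin/sh
# Added example: rewrite "-m comment --comment ..." matches as "#" lines.
# comments_to_hash and sample_rules are hypothetical names.

comments_to_hash() {
    awk '
    {
        line = $0
        if (match(line, / -m comment --comment "[^"]*"/)) {
            # Quoted form: --comment "Allow SSH"
            text = substr(line, RSTART, RLENGTH)
            sub(/^ -m comment --comment "/, "", text)
            sub(/"$/, "", text)
        } else if (match(line, / -m comment --comment [^" ][^ ]*/)) {
            # Unquoted single-word form: --comment ping
            text = substr(line, RSTART, RLENGTH)
            sub(/^ -m comment --comment /, "", text)
        } else {
            # No comment match on this line: pass it through unchanged
            print line
            next
        }
        # Emit the comment as a "#" line, then the rule without the match
        print "# " text
        print substr(line, 1, RSTART - 1) substr(line, RSTART + RLENGTH)
    }'
}

# Constructed sample ruleset in iptables-save format
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m comment --comment "Allow SSH" -j ACCEPT
-A INPUT -p ipv6-icmp -m comment --comment ping -j ACCEPT
COMMIT
EOF
}

sample_rules | comments_to_hash
```

ip6tables-restore ignores lines that begin with `#`, but ip6tables-save does not write them back out, so saving the running ruleset over /etc/sysconfig/ip6tables drops the comments; keep the annotated file as the copy you edit.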
Yet another hurdle with CentOS’ IPv6 support. I have simply disabled IPv6 on CentOS altogether because of the lack of firewalling ability in general; see https://bugzilla.redhat.com/show_bug.cgi?id=243739 for more info.