ip6tables and CentOS 5.6

Having just recently obtained an IPv6 address for my server, I figured it would be a good idea to set up a firewall on the IPv6 address. Although most services are bound to the main IPv4 address only, it doesn’t hurt to be cautious.

The iptables comment module allows you to add a comment of up to 254 characters to any rule. Simply add

-m comment --comment "Your comment here"

to any rule, and the comment is preserved even when the rules are dumped with iptables-save.

Unfortunately, I found that there’s no corresponding comment module for ip6tables in CentOS 5.6, so commenting the ruleset had to be done the old-fashioned way – by adding a comment into /etc/sysconfig/ip6tables.

It looks like there is probably a comment module in more recent versions of ip6tables, but unfortunately CentOS 5.6 comes with a version of iptables that is 5 years old.
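
One way to carry rule annotations over to an ip6tables build without the comment match, as an added example that is not from the original post: a shell filter that turns each -m comment --comment annotation into a # line above the rule, in the format /etc/sysconfig/ip6tables uses. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample rules are constructed for illustration.

# Rewrite each rule carrying '-m comment --comment TEXT' as a '# TEXT' line
# followed by the same rule without the match, so a build lacking the comment
# module can still load it. Escaped quotes inside a comment are not handled.
strip_comment_match() {
    awk '
    {
        if (match($0, / -m comment --comment ("[^"]*"|[^ "]+)/)) {
            text = substr($0, RSTART, RLENGTH)
            sub(/^ -m comment --comment /, "", text)
            gsub(/^"|"$/, "", text)          # drop surrounding quotes, if any
            print "# " text
            print substr($0, 1, RSTART - 1) substr($0, RSTART + RLENGTH)
        } else {
            print                            # table, chain and COMMIT lines pass through
        }
    }'
}

# Constructed sample ruleset in ip6tables-save format, annotated with the comment match.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -m comment --comment loopback -j ACCEPT
-A INPUT -p ipv6-icmp -m comment --comment "ICMPv6 incl. neighbour discovery" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "public web server" -j ACCEPT
COMMIT
EOF
}

sample_rules | strip_comment_match
```

The # lines exist only in the file: ip6tables-save dumps the rules from the kernel, so regenerating /etc/sysconfig/ip6tables from its output drops them.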
