이 콘텐츠는 선택한 언어로 제공되지 않습니다.
7.7. ip6tables
The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses and, as such, carrier networks that are IPv6 aware are able to address a larger number of routable addresses than IPv4.
Red Hat Enterprise Linux supports IPv6 firewall rules using the Netfilter 6 subsystem and the
ip6tables command. The first step in using ip6tables is to start the ip6tables service. This can be done with the command:
service ip6tables startWarning
The
iptables services must be turned off to use the ip6tables service exclusively:
service iptables stopchkconfig iptables off
To make
ip6tables start by default whenever the system is booted, change the runlevel status on the service using chkconfig.
chkconfig --level 345 ip6tables on
The syntax is identical to
iptables in every aspect except that ip6tables supports 128-bit addresses. For example, SSH connections on a IPv6-aware network server can be enabled with the following rule:
ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT
For more information about IPv6 networking, refer to the IPv6 Information Page at http://www.ipv6.org/.
