I want to block all IPv6 traffic. I have the following rules:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A OUTPUT -j REJECT --reject-with icmp6-port-unreachable
I don't want to reject, I want to drop it all.
I used this file to set my rules:
*filter
-F
-X
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-D INPUT -j REJECT --reject-with icmp6-port-unreachable
-D OUTPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
But this line is failing when I try ip6tables-restore:
-D INPUT -j REJECT --reject-with icmp6-port-unreachable
I can delete the rule from the command line, but I don't know why I can't using a file.
[EDIT]
I need to use a custom file to set my rules because, on my system, the script that starts ip6tables is in a read-only partition; it sets some rules by default and then adds my custom file using ip6tables-restore --noflush.
Thanks.