
I'm trying to set up my device such that only it may initiate network connections to other hosts. I.e., other hosts should not be able to initiate a connection with the device.

I've got ipv4 working:

root@kp2:/proc/net# iptables -L 
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@kp2:/proc/net# 

root@kp2:/proc/net# ping 192.168.21.4
PING 192.168.21.4 (192.168.21.4) 56(84) bytes of data.
64 bytes from 192.168.21.4: icmp_seq=1 ttl=64 time=0.119 ms
^C

As you see, I get the ping response back. However, I cannot get similar functionality with ipv6:

root@kp2:/proc/net# ip6tables -L 
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@kp2:/proc/net# ping6 2010::232
PING 2010::232(2010::232) 56 data bytes
^C
--- 2010::232 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

Just to show you that the host at the other end indeed exists, as soon as I permit all packets on the INPUT chain, I see the ping response:

root@kp2:/proc/net# ip6tables -P INPUT ACCEPT
root@kp2:/proc/net# ip6tables -L 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@kp2:/proc/net# ping6 2010::232
PING 2010::232(2010::232) 56 data bytes
64 bytes from 2010::232: icmp_seq=1 ttl=64 time=0.214 ms
^C
--- 2010::232 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.214/0.214/0.214/0.000 ms

Why is it that I can get ping to work with an ipv4 network but not with an ipv6 network?

Sush

1 Answer


This rule does not seem to work for me.

ip6tables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

However, I could get similar functionality with these three rules, which seem to do the trick:

ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

Note, however, that it accepts all icmp traffic, not just related packets.

Sush