You must have heard that "IPv6 is the future of the Internet", because there are (almost) no more IPv4 addresses available. That is certainly one of the main reasons (if not the main reason) for IPv6 adoption, but this new (well, not so new, since the first draft came to life in 1998) version of the IP protocol brings much more to the table. It has been created from the ground up as a technology to address the current limitations of IPv4 (not only the address space), but also as a future-proof technology, able to handle the most demanding network scenarios for decades to come. IPv4 was formally defined in 1981, a time when technology and its foreseeable future were very different from what they are today (and where we now expect them to go).

Given that my ISP has, for quite some time now, been providing every customer with a fully functional dual-stack (IPv4 + IPv6) network, I decided it was time to tame IPv6. I have a recent version of DD-WRT installed on my home router, which, besides having full IPv6 support, has extensive customization support, allowing me to set up both the WAN side and the LAN side with a working IPv4 + IPv6 dual stack. And, since it's Linux, after all, I had plenty of documentation available to help me through this journey.

I can't give you an exact answer, but the following should help and give you a rough idea. Stopping the local clients accessing the file server may not be possible if they are on the same network (i.e. in the same IP network and the same physical segment) as the packet will not need to traverse the router to travel between them. If they do need to go via the router then I have included a rule that I think will help. I'm not familiar with the wrt distro, so I am not sure where you should put these rules.

```
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#for each incoming tcp service you want to allow add one of these:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport <port> -j ACCEPT
#for each incoming udp service you want to allow add one of these:
iptables -A INPUT -m state --state NEW -m udp -p udp --dport <port> -j ACCEPT
#for each local client that should not have fileserver access add one of these:

iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
# if you only wanted to block the outgoing access for a given local IP to an
# external service then you add one of these for each local client and external
#for each outgoing service you want to block to all local host add one of these:
# this will block the service for every host on the network
#add this once to allow all other outgoing
```

If the fileserver is a Linux host then just put iptables rules on the fileserver to reject the local hosts you don't want to have access.