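#!/bin/sh
#
# IPv6 firewall for the router: rebuilds the ip6tables INPUT and FORWARD
# chains from scratch.
#
# Interfaces used below:
#   br0  - treated as the internal side (everything from it is accepted)
#   ipv6 - the interface the externally reachable rules are bound to
#
# Each chain is switched to policy DROP *before* it is flushed. The final
# rule set is unchanged, but there is no window during a reload in which a
# chain is empty with an ACCEPT policy, and a failure part-way through
# (missing binary or match module) leaves the chain closed, not open.
# Side effect: if the script aborts early, IPv6 access to the device itself
# stays blocked until it is re-run successfully.

export IP6TABLES_LIB_DIR='/opt/ipv6/usr/lib/iptables' \
  IP6TABLES='/opt/ipv6/usr/sbin/ip6tables' \
  PATH='/bin:/usr/bin:/sbin:/usr/sbin:/jffs/sbin:/jffs/bin:/jffs/usr/sbin:/jffs/usr/bin:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin:/opt/ipv6/usr/sbin'

### Start Firewall

## INPUT: To this device

# Default-deny first, then flush old rules
"$IP6TABLES" -P INPUT DROP
"$IP6TABLES" -F INPUT

# Allow established
"$IP6TABLES" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow ICMPv6
# Only echo-request is accepted explicitly. ICMPv6 error messages (e.g.
# Packet Too Big) are only let through if connection tracking classifies
# them as RELATED above.
# NOTE(review): Neighbor Discovery / Router Advertisement types are not
# allowed on the external interface; confirm the uplink does not need them.
"$IP6TABLES" -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT

# Allow internal
"$IP6TABLES" -A INPUT -i br0 -j ACCEPT
# NOTE(review): the Linux loopback interface is normally named "lo"; unless
# this firmware really has an interface called "lo0", this rule never matches
# and local ::1 traffic falls through to the DROP policy. Verify with
# `ip link` / `ifconfig` on the device.
"$IP6TABLES" -A INPUT -i lo0 -j ACCEPT

# Allow SSH to local
# NOTE(review): no source restriction; consider limiting with -s to a
# trusted prefix if remote administration does not need to be world-reachable.
"$IP6TABLES" -A INPUT -i ipv6 -p tcp -d 2001:610:736::1 --dport 22 -j ACCEPT

## FORWARD: To/from Internet/Internal network

# Default-deny first, then flush old rules
"$IP6TABLES" -P FORWARD DROP
"$IP6TABLES" -F FORWARD

# Allow established
"$IP6TABLES" -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow ICMPv6 (echo-request only; errors rely on RELATED, as for INPUT)
"$IP6TABLES" -A FORWARD -p icmpv6 --icmpv6-type echo-request -j ACCEPT

# Allow internal (anything entering on br0 may be forwarded out)
"$IP6TABLES" -A FORWARD -i br0 -j ACCEPT

# Inbound services. The address ending in 7271:bcff:febd:4d6b has the
# ff:fe pattern of an EUI-64 (MAC-derived) interface identifier, so these
# rules presumably stop matching if that host's NIC or addressing mode
# changes; verify after hardware changes.

# Allow SSH
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 22 -j ACCEPT
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736:0:7271:bcff:febd:4d6b --dport 22 -j ACCEPT

# Allow SMTP (25 and the additional port 50025)
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 25 -j ACCEPT
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 50025 -j ACCEPT

# Allow HTTP & HTTPS
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 80 -j ACCEPT
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736:0:7271:bcff:febd:4d6b --dport 80 -j ACCEPT
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 443 -j ACCEPT

# Allow IMAPS & POP3S
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 993 -j ACCEPT
"$IP6TABLES" -A FORWARD -i ipv6 -p tcp -d 2001:610:736::2 --dport 995 -j ACCEPT

# Everything else is dropped by the chain policies set above.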