ip6tables

The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses and, as such, carrier networks that are IPv6 aware are able to address a larger number of routable addresses than IPv4.

Red Hat Linux supports IPv6 firewall rules using the Netfilter 6 subsystem and the ip6tables command. The first step in using ip6tables is to start the IP6Tables service. This can be done with the command:

service ip6tables start

	Warning
	The IPChains and IPTables services must be turned off to use the IP6Tables service using the following commands: service ipchains stop service iptables stop

To make IP6Tables start by default whenever the system is booted, you must change runlevel status on the service using chkconfig.

chkconfig --level 345 ip6tables on

The syntax is identical to iptables in every aspect except that ip6tables supports 128-bit addresses. For example, SSH connections on a IPv6-aware network server can be enabled with the following rule:

ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j \
	  ACCEPT

For more information about IPv6 networking, refer to the IPv6 Information Page at http://www.ipv6.org.