Working on a script, and to test, I need to shut down ip6tables temporarily. firewalld is running; is there any way to shut down *just* ip6tables?
I tried installing iptables-services, and did a systemctl stop ip6tables, and no joy.
mark
4 thoughts on - Ip6tables On C7
Hi
I believe this should remove any ipv6 rules (rules and chains)
ip6tables -F
ip6tables -X
You may need to set the default policies as well, as I believe they are to deny all incoming and unrestricted outgoing
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT
Regards
Andrew
You might want to clear the other tables, too:
for x in filter nat mangle raw security ""
do
    ip6tables ${x:+-t $x} -F
    ip6tables ${x:+-t $x} -X
done
firewalld appears to leave the policies as ACCEPT, which is their default.
Gordon Messmer wrote:
I think y’all misunderstood me – I just want to say “turn off”, run my script to test it, and turn it back on.
However, I found out something: iptables -L gives the rules, also….*only* for IPv4; ip6tables -L does the same for only 6. And it does look as though by shutting down ip6tables, it did turn them off – ip6tables shows on 8 lines, which are all ACCEPT. I’d been looking at the o/p of iptables-save, and ip6tables-save.
Thanks, though.
mark
I think we understood what you meant, but firewalld doesn’t offer a mechanism to turn off only ipv6 rules that I’m aware of. So you’d need to use ip6tables directly, clear the rules, and then reload firewalld when you wanted to re-enable them.
I’m assuming that you mean “systemctl disable ip6tables” which works if you have the iptables init scripts installed. They normally aren’t.
The advice offered will work on a default installation.
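The clear, test, reload sequence described in this thread, as an added example that is not code from any of the posters: it wraps one test command so that firewalld is reloaded afterwards even if the command fails or is interrupted. The function names, the IP6T and FWCMD variables and the script name in the usage comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. IP6T and FWCMD are overridable so the
# command plan can be printed or stubbed without root.
IP6T=${IP6T:-ip6tables}
FWCMD=${FWCMD:-firewall-cmd}

# Commands that empty every IPv6 table and leave the filter policies at ACCEPT
# (the state the thread says firewalld itself leaves the policies in).
clear_plan() {
    for t in filter nat mangle raw security; do
        echo "$IP6T -t $t -F"
        echo "$IP6T -t $t -X"
    done
    for c in INPUT FORWARD OUTPUT; do
        echo "$IP6T -P $c ACCEPT"
    done
}

# Command that makes firewalld re-apply its rules, as suggested in the thread.
restore_plan() {
    echo "$FWCMD --reload"
}

# Run a plan from stdin, one command per line; stop at the first failure.
apply_plan() {
    while read -r line; do
        $line </dev/null || return 1
    done
}

# Clear IPv6 rules, run the given command, then always reload firewalld.
with_ip6_open() {
    rc=0
    # A trapped signal keeps this shell alive on Ctrl-C so the reload still
    # runs; the child command keeps the default disposition and is interrupted.
    trap ':' INT TERM
    if clear_plan | apply_plan; then
        "$@" || rc=$?
    else
        rc=1   # do not test against a half-cleared ruleset
    fi
    restore_plan | apply_plan || rc=1
    trap - INT TERM
    return "$rc"
}

# Usage (as root): sh ip6-open.sh ./my-test-script   (script name is hypothetical)
if [ $# -gt 0 ]; then
    with_ip6_open "$@"
fi
```

Running clear_plan on its own prints the commands without executing them, which is a quick way to review what will be changed before doing it as root.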