nat forward ipv6

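# Enables IPv6 routing on every interface. Load the ip6tables ruleset (FORWARD
# policy DROP) before running this, so nothing is forwarded unfiltered.
# To keep the setting across reboots, put net.ipv6.conf.all.forwarding=1 in /etc/sysctl.conf.
# The digit must be plain ASCII: typographic quotes around it are written
# to the file literally instead of the value 1.
server:~# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding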

iptables:

# In the IPv4 tables "-p ipv6" is IP protocol 41: IPv6 packets encapsulated in
# IPv4 (for example a 6in4 tunnel).
# NOTE(review): as written, protocol 41 is accepted to and from any IPv4 address.
# If this serves one tunnel, limit both rules to the tunnel peer with -d / -s
# <tunnel-peer-ipv4>; the peer address is not shown on this page.
iptables -I OUTPUT -p ipv6 -j ACCEPT

iptables -I INPUT  -p ipv6 -j ACCEPT

ip6tables

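server:~# cat ~/ip6tables.bak
# Generated by ip6tables-save
# Review notes:
# - Long options need two ASCII hyphens (--rt-type, --state); ip6tables-restore
#   rejects a typographic dash.
# - The routing-header type 0 drops (RH0, deprecated by RFC 5095) now come first in
#   each chain. Placed after the ACCEPT rules they only saw packets that no earlier
#   rule had already accepted (all ICMPv6, everything on lo/tun1/eth0).
# - All ICMPv6 types are accepted. Neighbour discovery needs some of them; RFC 4890
#   lists which types a firewall can safely narrow this to.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [7:420]
:OUTPUT DROP [0:0]
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Accepts every packet arriving on tun1, for every local service; confirm that the
# peers behind tun1 are trusted.
-A INPUT -i tun1 -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT
# NOTE(review): ff00::/8 is multicast and is not a valid source address, so this rule
# should never match legitimate traffic; "-d ff00::/8" may have been intended.
-A INPUT -s ff00::/8 -j ACCEPT
# NOTE(review): INPUT has no RELATED,ESTABLISHED rule. Replies to connections this host
# opens through eth0 fall to the DROP policy unless they are ICMPv6 or link-local.
-A FORWARD -m rt --rt-type 0 -j DROP
-A FORWARD -p ipv6-icmp -j ACCEPT
# NOTE(review): "::/48" only matches sources whose first 48 bits are zero; presumably
# the real client prefix was elided here. Substitute the routed prefix.
-A FORWARD -s ::/48 -i tun1 -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o tun1 -j ACCEPT
-A OUTPUT -s fe80::/10 -j ACCEPT
-A OUTPUT -s ff00::/8 -j ACCEPT
COMMIT
#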

set tos

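# Marks every packet leaving through eth1.102 with TOS byte 0xA0 (DSCP 40, CS5).
# The option is --set-tos with two ASCII hyphens; a typographic dash is not parsed as an option.
# NOTE(review): without a mask the whole TOS byte is rewritten, including the two ECN
# bits; "--set-tos 0xA0/0xfc" would leave ECN untouched. Confirm which is wanted.
iptables -t mangle -A POSTROUTING -o eth1.102 -j TOS --set-tos 0xA0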

Sets TOS 0xA0 on packets leaving via VLAN 102 (interface eth1.102).

ban sshd invalid user

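# Drops traffic from every address that produced an sshd "Invalid user" log line.
# The text after "Invalid user" is chosen by the connecting client, so field 10 is not
# guaranteed to be an address. Nothing from the log is turned into shell commands:
# only fields shaped like an IPv4 address are kept, and each is handed to iptables
# as one quoted argument.
# Caveats: every run inserts the rules again (duplicates accumulate), and position 1
# puts them ahead of any allow rule for your own management address. For ongoing
# use, a rate-limited tool such as fail2ban or an ipset is easier to maintain.
tail -10000 /var/log/messages | grep -E sshd | grep -E Invalid | awk '{print $10}' \
  | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u \
  | while read -r ip; do iptables -I INPUT 1 -s "$ip" -j DROP; done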

nat forward

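# The filter rules are installed first and routing is switched on last, so no packet
# is forwarded before the rules exist.
# NOTE(review): these ACCEPT rules only restrict anything if the FORWARD policy (or a
# later rule) drops the rest; the policy is not shown on this page.

# Outbound: anything sourced from the internal 10.0.0.0/8 range may be forwarded.
iptables -I FORWARD 1 -s 10.0.0.0/8 -j ACCEPT

# Inbound: only replies to connections that already exist. A bare "-d 10.0.0.0/8 -j ACCEPT"
# would also forward new connections from any outside source that can route to this host.
# Port forwards (DNAT) into 10.0.0.0/8, if any are used, need their own explicit ACCEPT rules.
iptables -I FORWARD 2 -d 10.0.0.0/8 -m state --state RELATED,ESTABLISHED -j ACCEPT

# NOTE(review): with no -o, traffic from 10.0.0.0/8 is masqueraded on every egress
# interface, including traffic between internal networks. Add "-o <wan-interface>"
# (the interface name is not shown on this page) to limit NAT to the uplink.
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward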