ip6tables允许特定端口访问

作者：Chancel Yang，创建：2023-01-23，字数：1792，已阅：26，最后更新：2023-01-23

很多个人宽带现在都拥有IPv6公网IP，按照IPv4的经验放行32400端口，关闭其他入网请求设置如下

Bash

sudo ip6tables -A INPUT -p tcp --dport 32400 -j ACCEPT
sudo ip6tables -A INPUT -j DROP

发现32400端口依然无法正常访问，打印规则后发现流量几乎都走了DROP的规则

Bash

Chain INPUT (policy ACCEPT 116K packets, 994M bytes)
 pkts bytes target     prot opt in     out     source               destination         
0 0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:32400
19046 2663K DROP       all      *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 175K packets, 403M bytes)
 pkts bytes target     prot opt in     out     source               destination

经过查询发现IPv6数据通行会大量使用fe80::/16进行通信，具体原因没有去验证，添加以下规则后可以实现32400端口的正常访问

Bash

sudo ip6tables -I INPUT -s fe80::0/16 -j ACCEPT
sudo ip6tables -I INPUT -d fe80::0/16 -j ACCEPT

最终规则如下

Bash

Chain INPUT (policy ACCEPT 116K packets, 994M bytes)
 pkts bytes target     prot opt in     out     source               destination         
12841 1817K ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:32400
 5805 1836K ACCEPT     all      *      *       fe80::/16            ::/0                
    0     0 ACCEPT     all      *      *       ::/0                 fe80::/16           
19046 2663K DROP       all      *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 175K packets, 403M bytes)
 pkts bytes target     prot opt in     out     source               destination

ip6tables允许特定端口访问

[[replyMessage== null?"发表评论":"发表评论 @ " + replyMessage.m_author]]

评论列表([[messageResponse.total]])