很多个人宽带现在都拥有IPv6公网IP,按照IPv4的经验放行32400端口,关闭其他入网请求设置如下
sudo ip6tables -A INPUT -p tcp --dport 32400 -j ACCEPT
sudo ip6tables -A INPUT -j DROP
发现32400端口依然无法正常访问,打印规则后发现流量几乎都走了DROP的规则
Chain INPUT (policy ACCEPT 116K packets, 994M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:32400
19046 2663K DROP all * * ::/0 ::/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 175K packets, 403M bytes)
pkts bytes target prot opt in out source destination
经过查询发现IPv6数据通行会大量使用fe80::/16进行通信,具体原因没有去验证,添加以下规则后可以实现32400端口的正常访问
sudo ip6tables -I INPUT -s fe80::0/16 -j ACCEPT
sudo ip6tables -I INPUT -d fe80::0/16 -j ACCEPT
最终规则如下
Chain INPUT (policy ACCEPT 116K packets, 994M bytes)
pkts bytes target prot opt in out source destination
12841 1817K ACCEPT tcp * * ::/0 ::/0 tcp dpt:32400
5805 1836K ACCEPT all * * fe80::/16 ::/0
0 0 ACCEPT all * * ::/0 fe80::/16
19046 2663K DROP all * * ::/0 ::/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 175K packets, 403M bytes)
pkts bytes target prot opt in out source destination