by simon_vetter 3816 days ago
This. At least, if you're not ready to accept incoming v6 connections (which really isn't hard to do), use connection tracking to let outbound v6 through and add the necessary icmpv6 accept rules.

ufw comes pre-installed on ubuntu and is dead simple to use, there's really no reason not to use it.

  # ufw allow 22/tcp
  # ufw enable
should be all you need to have connection tracking on both v6 and v4, have a tried and trusted icmpv6 accept list, and keep your v6 and v4 firewalls in sync.
1 comments

I like to use a limit rule (ufw limit 22/tcp) for SSH, to discourage brute force attacks. If nothing else, it will help reduce the noise in the log files.

This isn't a replacement for basic precautions such as disabling root login and not allowing password authentication, of course.

I prefer to not limit SSH but use fail2ban instead to remove the noise.
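The limit-rule and log-noise points raised in the last two comments, as an added example that is not from the thread: a small Python parser over constructed ufw log lines (the `[UFW BLOCK]` / `[UFW LIMIT BLOCK]` kernel-log shape ufw writes) that tallies which sources the limit rule throttled on port 22, for v4 and v6 alike. It shows what the "noise" in the log actually looks like and what a tool like fail2ban would be acting on. The sample lines, addresses and the threshold are constructed for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample in the shape of ufw's kernel log output (not taken from any real host).
# "UFW BLOCK" is a plain deny; "UFW LIMIT BLOCK" is the rate limiter from `ufw limit 22/tcp` firing.
SAMPLE_LOG = """\
Mar  3 09:12:01 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 09:12:03 host kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43211 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 09:12:04 host kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=43212 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 09:12:06 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.77 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 09:12:08 host kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=2001:db8::1 DST=2001:db8::2 LEN=80 TC=0 HOPLIMIT=57 FLOWLBL=0 PROTO=TCP SPT=40000 DPT=22 WINDOW=64800 RES=0x00 SYN URGP=0
Mar  3 09:12:09 host kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Mar  3 09:12:10 host kernel: eth0: link is up
"""

# Matches the bracketed ufw tag and captures the key=value tail that follows it.
LINE_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\] (?P<fields>.*)$")


def parse_ufw_line(line):
    """Return a small event dict for a ufw log line, or None for non-ufw lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for tok in m.group("fields").split():
        # Flag tokens such as DF or SYN carry no '=' and are simply skipped.
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    try:
        src = ip_address(fields["SRC"])
    except (KeyError, ValueError):
        return None
    return {
        "action": m.group("action"),
        "src": str(src),
        "family": "v6" if src.version == 6 else "v4",
        "proto": fields.get("PROTO", "?"),
        # ICMP lines have no DPT; keep None rather than guessing a port.
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
    }


def summarize(log_text):
    """Tally blocks per (source, port), limit-rule hits per (source, port), and v4/v6 share."""
    port_blocks = Counter()
    limit_hits = Counter()
    families = Counter()
    for line in log_text.splitlines():
        ev = parse_ufw_line(line)
        if ev is None:
            continue
        families[ev["family"]] += 1
        port_blocks[(ev["src"], ev["dpt"])] += 1
        if ev["action"] == "LIMIT BLOCK":
            limit_hits[(ev["src"], ev["dpt"])] += 1
    return {"port_blocks": port_blocks, "limit_hits": limit_hits, "families": families}


def throttled_sources(log_text, port=22, threshold=2):
    """Sources the ufw limit rule stopped at least `threshold` times on `port` (threshold is assumed)."""
    hits = summarize(log_text)["limit_hits"]
    return sorted(src for (src, dpt), n in hits.items() if dpt == port and n >= threshold)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("address families:", dict(summary["families"]))
    for (src, dpt), n in summary["port_blocks"].most_common():
        print(f"{src:>16}  dpt={dpt}  blocked={n}")
    print("throttled on 22:", throttled_sources(SAMPLE_LOG))
```

Run over a real `/var/log/ufw.log` the same functions give a quick picture of how much of the log is the SSH limiter doing its job versus other traffic, which is the trade-off between `ufw limit` and a fail2ban-style ban that the two commenters are weighing.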