[PATCH] ip6tables template for RHEL5

Matt Domsch Matt_Domsch at dell.com
Fri Aug 28 21:11:05 UTC 2009


From: Matt Domsch <mdomsch at puppet1.fedora.phx.redhat.com>

---
 configs/system/ip6tables-template.conf.erb |   40 ++++++++++++++++++++++++++++
 1 files changed, 40 insertions(+), 0 deletions(-)
 create mode 100644 configs/system/ip6tables-template.conf.erb

diff --git a/configs/system/ip6tables-template.conf.erb b/configs/system/ip6tables-template.conf.erb
new file mode 100644
index 0000000..e0a0efc
--- /dev/null
+++ b/configs/system/ip6tables-template.conf.erb
@@ -0,0 +1,40 @@
+# Firewall configuration written by system-config-securitylevel
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:RH-Firewall-1-INPUT - [0:0]
+-A INPUT -j RH-Firewall-1-INPUT
+-A FORWARD -j RH-Firewall-1-INPUT
+
+# loopback allowed
+-A RH-Firewall-1-INPUT -i lo -j ACCEPT
+
+# Accept ping and traceroute (needs icmp)
+-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
+
+# Accept IPv6 packets at all
+-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
+-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
+
+# Accept SSH
+-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
+
+# Custom Services
+<% custom.each do |cust| -%>
+<%= cust %>
+<% end -%>
+
+# Services TCP
+<% tcpPorts.each do |port| -%>
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport <%= port %> -j ACCEPT
+<% end -%>
+
+# Services UDP
+<% udpPorts.each do |port| -%>
+-A RH-Firewall-1-INPUT -p udp -m udp --dport <%= port %> -j ACCEPT
+<% end -%>
+
+-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
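Review bot: The RH-Firewall-1-INPUT chain has no rule accepting return traffic for connections the host itself initiates, so anything that is not ICMPv6, ESP/AH or one of the explicitly listed ports is dropped by the final `-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited` line, including replies to outbound TCP connections such as yum or puppet runs. If IPv6 connection tracking is available on the RHEL5 kernels this is deployed to, add `-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` right after the loopback rule; if it is not, the template should say so in a comment so nobody assumes stateful behaviour. Separately, the comment "Accept IPv6 packets at all" above the `-p 50` and `-p 51` rules does not describe what they do: protocols 50 and 51 are IPsec ESP and AH, so a comment along the lines of "# Accept IPsec (ESP, AH)" would be accurate, and the "Accept ping and traceroute" comment should mention that the unrestricted `-p icmpv6` accept is also what carries Neighbor Discovery, which IPv6 needs to function and which is why it must stay before the REJECT.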
-- 
1.5.5.6