I have been lax on setting up local host-based firewalls on my iptables/ip6tables boxes with IPv6 interfaces, so I started converting my iptables rulesets on those boxes over to IPv6 (specifically for rules that reference actual IP addresses or IP address subnets).
iptables rules should transfer directly over to ip6tables, as long as you convert any IPv4 references to IPv6. Unfortunately, I was having problems with ip6tables accepting my SSH connections over IPv6. I knew it was ip6tables being problematic because the second I would
ip6tables --flush
or
/sbin/service ip6tables stop
I would be able to SSH to the server over the IPv6 interface.
After much Google research, I stumbled across some back and forth discussion regarding issues with ip6tables and found that IPv6 seems to be more reliant on ICMP than IPv4. So I added the following to my rules:
-A INPUT -p icmpv6 -j ACCEPT
and that allowed SSH connections over SSH (after creating a rule to allow port 22, respectively).
Comment on this post