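#!/bin/bash
# This script lives at /etc/network/if-up.d/startipv6tunnel
#
# Brings up a 6in4 (SIT) tunnel to a Hurricane PoP, assigns the routed IPv6
# prefix to the internal interface and installs a default-deny ip6tables
# ruleset for the router and the clients behind it.
#
# Must run as root. Scripts in if-up.d may be invoked more than once (once
# per interface that comes up), so the IPv4 rules are added idempotently and
# the IPv6 ruleset is rebuilt from scratch on every run.

# The IPv4 address of the hurricane PoP you're using
HURRICANE4="216.66.80.98"            # see screenshot in step 3 (1)
EXTIP="223.67.22.22"                 # see screenshot in step 3 (2)
TUNNELPREFIX="2001:7f7:25:477::"     # see screenshot in step 3 (3) + note 1
INTPREFIX="2001:7f7:b6b1::/64"       # see screenshot in step 3 (4) + note 2
INTPREFIXIP="2001:7f7:b6b1::1"       # see screenshot in step 3 (4) + note 2
EXTERNALIF="eth0"
INTERNALIF="eth1"
#OPTIONAL:/sbin/ip addr add $EXTIP/32 dev $EXTERNALIF
MYTUNNELIP="${TUNNELPREFIX}2"
HURRICANETUNNELIP="${TUNNELPREFIX}1"
MTU=1280
IPTABLES="/sbin/iptables"
IPT6="/sbin/ip6tables"
IP6DEV="hurricane"

# Append an IPv4 rule only when an identical rule is not already present, so
# repeated runs do not stack duplicates. If the installed iptables has no -C
# (check) option, the check fails and the rule is appended as before.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
ipt4_ensure() {
  local table=$1 chain=$2
  shift 2
  "$IPTABLES" -t "$table" -C "$chain" "$@" 2>/dev/null ||
    "$IPTABLES" -t "$table" -A "$chain" "$@"
}

## IPv4: allow protocol 41 (6in4) only between this host and the PoP ##
ipt4_ensure filter INPUT -p 41 -s "$HURRICANE4" -d "$EXTIP" -j ACCEPT
ipt4_ensure filter OUTPUT -p 41 -d "$HURRICANE4" -s "$EXTIP" -j ACCEPT
ipt4_ensure nat POSTROUTING -o "$EXTERNALIF" -d "$HURRICANE4" -p all \
  -j SNAT --to-source "$EXTIP"

## IPv6 firewall ##
# Installed BEFORE the tunnel is created: otherwise the router (and, with
# forwarding enabled, the internal clients) would be reachable over IPv6
# without any filtering until the rules further down were loaded.
echo "Starting IPv6 firewall..."

# Default-deny first, so flushing the old rules below fails closed.
#$IPT6 -P INPUT ACCEPT
#$IPT6 -P OUTPUT ACCEPT
#$IPT6 -P FORWARD ACCEPT
## DROP all incoming traffic
"$IPT6" -P INPUT DROP
"$IPT6" -P OUTPUT DROP
"$IPT6" -P FORWARD DROP

"$IPT6" -F
"$IPT6" -X
"$IPT6" -t mangle -F
"$IPT6" -t mangle -X

# unlimited access to loopback
"$IPT6" -A INPUT -i lo -j ACCEPT
"$IPT6" -A OUTPUT -o lo -j ACCEPT

# Allow full outgoing connections but nothing unsolicited from the tunnel
"$IPT6" -A INPUT -i "$IP6DEV" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT6" -A OUTPUT -o "$IP6DEV" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ICMPv6 on the tunnel (ping, path-MTU discovery and error messages).
# NOTE(review): every ICMPv6 type is accepted here; restricting the accepted
# types and/or rate-limiting echo requests would be tighter.
"$IPT6" -A INPUT -i "$IP6DEV" -p ipv6-icmp -j ACCEPT
"$IPT6" -A OUTPUT -o "$IP6DEV" -p ipv6-icmp -j ACCEPT

# Clients are allowed to connect to the router
"$IPT6" -A INPUT -i "$INTERNALIF" -p all -j ACCEPT
"$IPT6" -A OUTPUT -o "$INTERNALIF" -p all -j ACCEPT

# Clients are allowed to reach the internet; only reply traffic comes back
"$IPT6" -A FORWARD -i "$INTERNALIF" -o "$IP6DEV" -p all \
  -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
"$IPT6" -A FORWARD -o "$INTERNALIF" -i "$IP6DEV" -p all \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

############## add your custom rules below ############
# Each rule opened here exposes that service on the router to the whole IPv6
# internet; add a -s source restriction where the service allows it.
#### open IPv6 port 80
##$IPT6 -A INPUT -i $IP6DEV -p tcp --destination-port 80 -j ACCEPT
#### open IPv6 port 22
##$IPT6 -A INPUT -i $IP6DEV -p tcp --destination-port 22 -j ACCEPT
#### open IPv6 port 25
##$IPT6 -A INPUT -i $IP6DEV -p tcp --destination-port 25 -j ACCEPT
############# End custom rules ################
#
##### no need to edit below ###
## log everything else (consider adding "-m limit" so scans cannot flood the log)
#$IPT6 -A INPUT -i $IP6DEV -j LOG
# Explicit final drop for the tunnel; redundant with the DROP policy, but it
# stays in effect if the policy is ever switched to ACCEPT for debugging.
"$IPT6" -A INPUT -i "$IP6DEV" -j DROP

## ENABLING IPv6 Tunnel ##
# These commands report an error and are skipped when the tunnel, address or
# route already exists from an earlier run; that is expected.
/sbin/ip tunnel add "$IP6DEV" mode sit local "${EXTIP}" remote "${HURRICANE4}" ttl 255
/sbin/ip link set "$IP6DEV" up
/sbin/ip -6 addr add "${MYTUNNELIP}/64" dev "$IP6DEV"
/sbin/ip -6 route add ::/0 dev "$IP6DEV"

# INTERNALIF: router address and on-link route for the routed /64
/sbin/ip -6 addr add "$INTPREFIXIP" dev "$INTERNALIF"
/sbin/ip -6 route add "$INTPREFIX" dev "$INTERNALIF"

#OPTIONAL: enable IPv6 forwarding
#OPTIONAL:echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Restart the router advertisement daemon last, once filtering and addressing
# on the internal interface are in place.
/etc/init.d/radvd restart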