1 Topic by cygni (edited by cygni 2014-04-05 20:48:19)

  • cygni
  • Member
  • Offline
  • Registered: 2013-09-29
  • Posts: 31

Topic: ipv6/ip6tables support

================ Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version: Debian 7
- Related log if you're reporting an issue:
====

Searching the forum  didn't produce related ip6tables discussion, and here is how I added support. 

cd /etc/init.d/
cp iptables ip6tables
 patch -p0 < /home/cygni/patchfile

patchfile content:

--- ip6tables    2014-04-04 22:04:00.000000000 -0400
+++ iptables.original    2014-04-04 22:04:00.000000000 -0400
@@ -20,28 +20,28 @@
 
 #
 ### BEGIN INIT INFO
-# Provides:          iptables
+# Provides:          ip6tables
 # Required-Start:    $network $syslog
 # Required-Stop:     $network $syslog
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
-# Short-Description: Control iptables firewall.
+# Short-Description: Control ip6tables firewall.
 ### END INIT INFO
 #
-# This init.d script is used to control iptables, based on
-# /etc/init.d/iptables on Red Hat Enterprise Linux 5.3, modified
+# This init.d script is used to control ip6tables, based on
+# /etc/init.d/ip6tables on Red Hat Enterprise Linux 5.3, modified
 # by Zhang Huangbin (zhb _at_ iredmail.org), iRedMail project
 # (http://www.iredmail.org/).
 #
 
 #
-# config: /etc/default/iptables
-# config: /etc/default/iptables-config
+# config: /etc/default/ip6tables
+# config: /etc/default/ip6tables-config
 
 # Source function library.
 . /lib/lsb/init-functions
 
-IPTABLES='iptables'
+IPTABLES='ip6tables'
 IPTABLES_DATA="/etc/default/$IPTABLES"
 IPTABLES_CONFIG="/etc/default/${IPTABLES}-config"
 IPV="${IPTABLES%tables}" # ip for ipv4 | ip6 for ipv6
@@ -50,12 +50,12 @@
 [ -d $(dirname ${VAR_SUBSYS_IPTABLES}) ] || mkdir -p $(dirname ${VAR_SUBSYS_IPTABLES})
 
 if [ ! -x /sbin/$IPTABLES ]; then
-    log_daemon_msg "/sbin/$IPTABLES does not exist." "iptables"
+    log_daemon_msg "/sbin/$IPTABLES does not exist." "ip6tables"
     exit 0
 fi
 
 if lsmod 2>/dev/null | grep -q ipchains ; then
-    log_daemon_msg  "ipchains and $IPTABLES can not be used together." "iptables"
+    log_daemon_msg  "ipchains and $IPTABLES can not be used together." "ip6tables"
     exit 0
 fi
 
@@ -113,7 +113,7 @@
     tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
     [ -z "$tables" ] && return 1
 
-    log_daemon_msg "Flushing firewall rules" "iptables"
+    log_daemon_msg "Flushing firewall rules" "ip6tables"
     ret=0
     # For all tables
     for i in $tables; do
@@ -218,7 +218,7 @@
 }
 
 stop() {
-    # Do not stop if iptables module is not loaded.
+    # Do not stop if ip6tables module is not loaded.
     [ -e "$PROC_IPTABLES_NAMES" ] || return 1
 
     flush_n_delete
@@ -278,7 +278,7 @@
 status() {
     tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
 
-    # Do not print status if lockfile is missing and iptables modules are not 
+    # Do not print status if lockfile is missing and ip6tables modules are not 
     # loaded.
     # Check if iptable module is loaded
     if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
cp /etc/default/iptables /etc/default/ip6tables

Edit /etc/default/ip6tables from:

-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

to:

-A INPUT -p ipv6-icmp -j ACCEPT

update boot-up scripts:

update-rc.d ip6tables defaults

For it to take effect, either reboot the system or run:

/etc/init.d/ip6tables start

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,094

Re: ipv6/ip6tables support

Thanks for your sharing.

Debian/Ubuntu don't provide script to start/stop iptables rules, so I plan to switch to ufw on Debian/Ubuntu, maybe it's better for Debian/Ubuntu users.