How to write iptables rule to accept certain ICMPv6 types and codes?

sunknudsen asked:

I currently have the following:

ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 129 -j ACCEPT

For ICMPv6 type 3, I would like to only accept code 0.

For ICMPv6 type 4, I would like to only accept codes 1 and 2.

This is based on RFC 4890.

My answer:


The man page says:

   icmp6 (IPv6-specific)
       This extension can be used if  `--protocol  ipv6-icmp'  or  `--protocol
       icmpv6' is specified. It provides the following option:

       [!] --icmpv6-type type[/code]|typename
              This  allows  specification  of  the ICMPv6 type, which can be a
              numeric ICMPv6 type, type and code, or one of  the  ICMPv6  type
              names shown by the command
               ip6tables -p ipv6-icmp -h

View the full question and any other answers on Server Fault.
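
The type[/code] form from the man page, applied to the rule set in the question. This is an added example, not part of the original question or answer: the helper names icmp6_rules and is_u8 and the ICMP6_ALLOW list are hypothetical, and the script only prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original post): build ip6tables rules from an
# ICMPv6 allowlist written in the man page's type[/code] form.

# Constructed allowlist taken from the question: types 1, 2, 128 and 129 with
# any code, type 3 with code 0 only, type 4 with codes 1 and 2 only.
ICMP6_ALLOW="1 2 3/0 4/1 4/2 128 129"

# is_u8 VALUE (hypothetical helper): succeed only for a decimal integer 0..255.
# Leading zeros are rejected so the number is unambiguously decimal.
is_u8() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

# icmp6_rules CHAIN SPEC... (hypothetical helper): print one ACCEPT rule per
# "type" or "type/code" spec. If any spec is malformed, nothing is printed to
# stdout and the function returns non-zero, so a typo cannot yield a partial
# rule set.
icmp6_rules() {
    chain=$1; shift
    out=""
    for spec in "$@"; do
        itype=${spec%%/*}
        is_u8 "$itype" || { echo "bad ICMPv6 type: $spec" >&2; return 1; }
        case "$spec" in
            */*)
                icode=${spec#*/}
                is_u8 "$icode" || { echo "bad ICMPv6 code: $spec" >&2; return 1; }
                ;;
        esac
        out="${out}ip6tables -A ${chain} -p ipv6-icmp --icmpv6-type ${spec} -j ACCEPT
"
    done
    printf '%s' "$out"
}

# Print the rule set for review. Word splitting of the allowlist is intended.
icmp6_rules INPUT $ICMP6_ALLOW
```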

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.