Ok! This is not much of an article but I am writing it. I am a blogger. Stop me! 😛
As we know, IPv6 or the Internet Protocol version 6 started becoming popular around Nov-Dec 2012. More and more devices like Smartphones, Tablets, Gaming consoles, GPS devices came as flood due to which the IP addresses allocation became an issue. IPv4, the current IP address protocol is near exhaustion so the server admins are also starting to use IPv6.
Problem comes with security. With IPv6 you need one more firewall table called ip6tables. You also have to setup same or little modified rules as in ipv4tables. If you have a server with version 4 along with version 6 IP addresses and you had installed ConfigServer Firewall then there is a good chance you saw this warning in Firewall Status Check;
IPv6 appears to be enabled [ifconfig: ]. If ip6tables is installed, you should enable the csf IPv6 firewall (IPV6 in csf.conf)
This gives the creeps to many people even if they don’t use version6 IP address. Simplest thing you can do to handle this is to disable IPv6, if you don’t use them. However, if you are planning to use it then you must install ip6tables and have a firewall rule in place. Most of the times, Linux comes with IPv6tables and sometimes they don’t. Many times user disable or delete them and then try to get them back.
It is literally just one command to install and it applies to both 32bit and 64bit installations.
Login to your server with root or sudo privilege using SSH (PuTTY etc) and copy-paste this;
yum install iptables-ipv6 -y
Now start the service using;
service ip6tables start
Use ‘sudo’ if you need to.
Then goto CSF and first check the configuration. Copy the required ports from IPv4 rule and paste them to IPv6.
I only use Port 53 and 80. Make sure about port 41 if you intend to relay IPv4 to IPv6. I don’t see a reason to use other ports on IPv6 as I doesn’t access FTP and other services using those IPs. Now, set the IPv6 option as ‘1’ to enable and save changes.
Restart and rest will be handled by CSF/LFD. I just love CSF WebMin Module and CSF for this.