On Wednesday, 7 October, 2015 12:54, "Owen DeLong" <owen@delong.com> said:
> There are some important differences for ICMP (don’t break PMTU-D or ND), but otherwise, really not much difference between your IPv4 security policy and your IPv6 security policy.

The IPv4 world would have been nicer without quite so much of the "ICMP is eeeeeeeeevil!" nonsense, but agreed, it's somewhat more fundamental in IPv6.

> In fact, on my Linux box, I generate my IPv4 iptables file using little more than a global search and replace on the IPv6 iptables configuration which replaces the IPv6 prefixes/addresses with the corresponding IPv4 prefixes/addresses. (My IPv6 addresses for things that take incoming connections have an algorithmic map to IPv4 addresses for things that have them.)

Similarly for at least some supplied tools on top of iptables. 'ufw' Just Works with both - 'ufw allow 25/tcp' will insert the appropriate rule into both iptables and ip6tables, for example.

Regards,
Tim.
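
A sketch of the search-and-replace generation described in this thread, extended to cover the ICMP difference it mentions (an added example, not code from either poster). The address table, the `translate` function and the sample rules are constructed assumptions; rules with no IPv4 counterpart are reported rather than emitted.

```python
import re

# Constructed, hypothetical IPv6 -> IPv4 map (documentation prefixes).
ADDR_MAP = {"2001:db8:0:1::/64": "192.0.2.0/24",
            "2001:db8:0:1::25/128": "192.0.2.25/32"}
# ICMPv6 type -> ICMPv4 type; None marks IPv6-only types (ND, RA).
ICMP_MAP = {"packet-too-big": "fragmentation-needed",   # PMTU-D
            "echo-request": "echo-request",
            "destination-unreachable": "destination-unreachable",
            "time-exceeded": "time-exceeded",
            "neighbour-solicitation": None,
            "neighbour-advertisement": None,
            "router-advertisement": None}
ICMP_RE = re.compile(r"-p (?:ipv6-icmp|icmpv6)(?: -m icmp6)? --icmpv6-type (\S+)")
ADDR_RE = re.compile(r"(?<!\S)(-[sd]) (\S+)")

def translate(v6_rules):
    """Return (ipv4_lines, skipped); skipped holds (line, reason) pairs."""
    out, skipped = [], []
    for line in v6_rules.splitlines():
        reason = None
        m = ICMP_RE.search(line)
        if m:
            v4 = ICMP_MAP.get(m.group(1), "unmapped")
            if v4 is None:
                reason = "IPv6-only ICMP type, no IPv4 rule needed"
            elif v4 == "unmapped":
                reason = "unmapped ICMPv6 type " + m.group(1)
            else:
                line = ICMP_RE.sub("-p icmp --icmp-type " + v4, line)
        for flag, addr in ADDR_RE.findall(line):
            if addr in ADDR_MAP:
                line = line.replace(f"{flag} {addr}", f"{flag} {ADDR_MAP[addr]}")
            else:  # fail closed: never emit a rule with a leftover address
                reason = reason or "no IPv4 address for " + addr
        if reason:
            skipped.append((line, reason))
        else:
            out.append(line)
    return out, skipped

# Constructed sample rules in iptables-restore format.
SAMPLE_V6 = """*filter
:INPUT DROP [0:0]
-A INPUT -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type neighbour-solicitation -j ACCEPT
-A INPUT -d 2001:db8:0:1::25/128 -p tcp --dport 25 -j ACCEPT
-A INPUT -s 2001:db8:0:2::/64 -p tcp --dport 22 -j ACCEPT
COMMIT"""
```

Reviewing the `skipped` list before loading the generated file shows which IPv6 rules have no IPv4 twin, so a gap in the address map surfaces as a missing allow rule under the DROP policy rather than as a malformed ruleset.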