Set Default ip6tables Policy for Incoming Packets

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, add or correct the following line in /etc/iptables/rules.v6:

:INPUT DROP [0:0]

If changes were required, reload the ip6tables rules:

$ sudo service ip6tables reload

Rationale

In ip6tables, the default policy is applied only after all the applicable rules in the table are examined for a match. Setting the default policy to DROP implements proper design for a firewall, i.e. any packets which are not explicitly permitted should not be accepted.

Warning

Automated remediation for this rule is disabled. Changing firewall settings while connected over network can result in being locked out of the system.