Commit 181e8d28 authored by Cédric BRINER's avatar Cédric BRINER Committed by Cédric BRINER
Browse files

better documentation

parent 78c809a4
......@@ -387,20 +387,31 @@ eof
function doc_ipf6()
{
echo "# -----------------------------------------"
echo "# ipv6"
echo "cd /etc/ipf"
echo "saveback ipf6.conf"
echo "vim ipf6.conf"
echo "# add before block in quick from any to <thishost> head i_global"
echo "block return-rst in quick proto tcp from 2001:620:600::0/48 to <thishost> head i_global"
echo "block return-rst in quick proto tcp from fd69:620:600::0/48 to <thishost> head i_global"
echo "# add line to allow 80 n 443"
echo "pass in quick proto tcp from any to any port = 80 group i_global"
echo "pass in quick proto tcp from any to any port = 443 group i_global"
cat << EOF
# -----------------------------------------
# ipv6
cd /etc/ipf
saveback ipf6.conf
vim ipf6.con6
# enable IN rules and be polite inside our network with
block return-rst in quick proto tcp from 2001:620:600::0/48 to <thishost> head i_global
block return-rst in quick proto tcp from fd69:620:600::0/48 to <thishost> head i_global
block in quick from any to <thishost> head i_global
# enable OUT rules
block out quick from <thishost> to any head o_global
# for eg allow http and https with respectively i_global & o_global
pass in quick proto tcp from any to any port = 80 group i_global
pass in quick proto tcp from any to any port = 443 group i_global
pass out quick proto tcp from any port = 80 to any group o_global
pass out quick proto tcp from any port = 443 to any group o_global
EOF
}
function usage()
{
pb "for the first time do '$0 disable-ndp' and then '$O off-to-ipv6-static'"
pb " - $0 disable-ndp"
pb "Usage: $0"
pb " disable-ndp: turn off stateless(ra), stateful(dhcp), tmpaddr (privacy)"
pb " enable-stateless-only: turn on stateless(ra). turn off stateful(dhcp) & tmpaddr (privacy)"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment