On my debian 5.0 server, I setup some iptables rules like below:
ACCEPT tcp -- eee.fff.ggg.hhh aaa.bbb.ccc.ddd tcp dpt:80
DROP tcp -- 0.0.0.0/0 aaa.bbb.ccc.ddd tcp dpt:80
aaa.bbb.ccc.ddd is my server's ip address, and eee.fff.ggg.hhh is the other server which is the only one allowed to access the port. I noticed that there is inet6 addr setup on my server, and also netstat shows that apache2 is listening on tcp6 address:
tcp6 0 0 :::80 :::* LISTEN
Do I need seperate iptables rule for ipv6 address? If so, how can I do so? I know nothing about ipv6. Thanks! do I must do so? If I don't use ip6tables, will someone bypass the iptable rule and connect to my :80 port through ipv6 address?
iptables only filters IPv4 traffic. Rules setup in iptables will not touch ipv6 traffic and thus you should use ip6tables. At the very least you should set the tables rules to default drop. That way only traffic you have explicitly allowed will be available.
You want to look at ip6tables. HERE is a good short script that would demo some basics