2013-07-04

Deny incoming packets via IPv6 except from link local address on OS X

ip6fw add 63500 allow tcp from any to any established
ip6fw add 63500 allow ipv6-icmp from any to any
ip6fw add 64000 deny ipv6 from not fe80::/64 to any in
ip6fw add 65000 allow ipv6 from fe80::/64 to any

See also: ip6fw(8)

Published at 2013-07-04 14:56:03 +0900 | Permalink