Configuring IP6tables

Content Gateway can be configured to support IPv6.

To configure IP6tables firewall, Content Gateway requires that an IPv6 port be open for each protocol that is used for IPv4.

All IPv4 ports that are handed internally by the software are also handled when IPv6 is enabled. Any configurable IPv4 port should be added to IP6tables when IPv6 is enabled in Content Gateway Manager.

For example, include the following rule if you have multiple instances of Content Gateway in a cache hierarchy:

ip6tables -i <MGMT_NIC> -I INPUT -p udp --dport 3130 -j ACCEPT

Also, the following rules are optional and can be used to enhance the security of your Content Gateway deployment when IPv6 is enabled.

ip6tables --policy INPUT DROP 
ip6tables --policy OUTPUT ACCEPT 
ip6tables --policy FORWARD DROP
ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT