# Generated by ip6tables-save v1.6.0
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ICMPv6 - [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p ipv6-icmp -j ICMPv6
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# 用以vpn访问外网
#-A FORWARD -i tun0 -j ACCEPT
# ICMPv6
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 141 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 142 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 148 -j ACCEPT
-A ICMPv6 -p ipv6-icmp -m icmp6 --icmpv6-type 149 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -j ACCEPT
-A ICMPv6 -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -j ACCEPT
-A ICMPv6 -j RETURN
-A TCP -i tun0 -j ACCEPT
-A UDP -i tun0 -j ACCEPT
COMMIT
# Completed
# Generated by ip6tables-save v1.6.0
*nat
:PREROUTING ACCEPT [320:43404]
:INPUT ACCEPT [117:9932]
:OUTPUT ACCEPT [7:602]
:POSTROUTING ACCEPT [7:602]
COMMIT
# Completed