I have the following iptables rules for a CentOS7 web server. I would like to get ip6tables equivalent rules for them. Please let me know, if any changes are required between these and ip6tables rules -
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
(tcp flag NONE packets)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
(syn attacks, new connection without communication of purpose)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
(XMAS packet)
iptables -A INPUT -i lo -j ACCEPT
(allow localhost)
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
(allow port 80)
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
(allow port 443)
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
(allow ssh at port 22)
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
(drop pings asking for address)
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
(drop pings asking for timestamp)
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/second -j ACCEPT
(allow max 5 pings per second, beyond that, pings will be dropped, to prevent ping flooding)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
(allow established and once connected connections)
iptables -P OUTPUT ACCEPT
(allow all outgoing packets)
iptables -P INPUT DROP
(disallow all incoming packets, except the ones stated above)
