6wall User Guide
Prev Part I. HOWTO Next

6wall User Guide

Eric de Thouars

Revision History
Revision 1.0June 2003
Initial document

Table of Contents

About 6wall
What is 6wall?
Limitations
Feedback
Acknowledgments and Thanks
Changelog
Getting started
Reading up
Installing the 6wall.lrp package
Configuring 6wall
Overview
Zone defintions
Interface definitions
Policy definitions
Rule definitions
Finishing up
Controlling 6wall
Overview
Starting and stopping
Information and status
Dynamic blacklisting
Further information
Reference
Components
/etc/6wall/params6
/etc/6wall/zones6
/etc/6wall/interfaces6
/etc/6wall/hosts6
/etc/6wall/policy6
/etc/6wall/rules6
/etc/6wall/common6.def
/etc/6wall/6wall.conf
/etc/6wall/modules6
/etc/6wall/blacklist6
/etc/6wall/sitelocal

About 6wall

What is 6wall?

6wall is for IPv6 what Shorewall is for IPv4

Never heard of Shorewall? Then I suggest that you first get acquainted with this excellent iptables based firewall for IPv4 at www.shorewall.net. 6wall is heavily based on Shorewall 1.4, in fact most of the work on 6wall has been to convert the functionalities for IPv4 in Shorewall to their IPv6 equivalent.

6wall is a Netfilter (ip6tables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.

Although 6wall is Linux distribution independant, currently only a ready to use package for Linux Embedded Appliance Firewalls (LEAF) is available. It is currently distributed as part of the Bering-uClibc branch of LEAF.

Limitations

6wall is based on ip6tables, which currently doesn't support as many features as iptables. Therefore a number of options/features of Shorewall could not be converted to their IPv6 counterpart in 6wall. Below is an overview of the main limitations of 6wall/ip6tables compared to Shorewall/iptables:

  • No support for connection tracking

  • Allowed policies are ACCEPT, DROP, CONTINUE and NONE

  • Allowed actions for rules are ACCEPT, DROP, CONTINUE and LOG

  • Policies and actions REJECT, REDIRECT are not supported

  • Log target ULOG is not supported

  • Network Address Translation (SNAT and DNAT) is not available

More detailed information on the available options/features can be found in the 6wall reference manual.

Feedback

Comments on 6wall and the 6wall user guide should be addressed to its maintainer: Eric de Thouars .

Acknowledgments and Thanks

I would like to thank Tom Eastep for his work on Shorewall. Without his very structured programming style it would never have been possible for me to produce 6wall.

A lot of the 6wall documentation has been taken from Tom's site and adapted to reflect the changes I made from Shorewall to 6wall. In most cases the documentation and examples for Shorewall can directly be applied to 6wall by just replacing the IPv4 addresses with IPv6 addresses. Therefore this user guide will mainly give a global overview of 6wall, refer to Shorewall for most documentation and examples, and focus explicitly on the areas where 6wall and Shorewall differ.

Please don't bother Tom with 6wall questions, only Shorewall related questions should be directed to him !!!

Changelog

Current LEAF/LRP version: 1.0.1 - August 6, 2003

For changes since previous versions check the Changelog.

Prev Up Next
Part I. HOWTO Home Getting started