For example, what is the ipv6 only equivalence of ufw allow 22/tcp
?
UFW documentation does not list valid protocol names, and I could not figure out the protocol name for tcpv6.
1 Answer
To allow IPv6 through the firewall, first perquisite is to add to
/etc/default/ufw
the following line:
IPV6= yes
From now on, the syntax for ufw allow
is exactly the same,
with IPv6 addresses used instead of IPv4.
For example, to allow all link-local addresses :
ufw allow from fe80::/64
-
It does not answer the question. e.g. what is the ipv6 only equivalence of "ufw allow 22/tcp"? Commented Jan 30, 2023 at 11:11
-
As I said, the syntax is exactly the same. If you would like to restrict the port to certain IP or IPs, you may use IPv6 addresses.– harrymcCommented Jan 30, 2023 at 11:34
-
For IPv6, ports work the same as IPv4. Because these are in a new address family, there are now four separate port spaces. For example, there are two TCP port 80 spaces to which an application can bind, one in AF_INET and one in AF_INET6.– harrymcCommented Jan 30, 2023 at 11:34
-
So how make this example to be ipv6 only: "ufw allow 22/tcp"? Commented Jan 31, 2023 at 1:34
-
1The above command works for both. To make it IPv6-only, you need to apply it to a range of IPv6 addresses :
sudo ufw allow from IPv6-range to any port 22
.– harrymcCommented Jan 31, 2023 at 8:48
ufw allow from ::/0 to any port 22 proto tcp