Score:0

How to make ip6tables output drop rules work


I have an OpenVPN setup on my server where my OpenVPN interface is tun0 and the normal internet interface is eth0. I am trying to drop all outgoing packets from the server with a destination in the range 2a03:2880:f11c::/32. These packets are received from OpenVPN clients and are internally forwarded to eth0, which sends them out. For this I tried the rule

sudo ip6tables -A OUTPUT -d 2a03:2880:f11c::/32 -j DROP -p icmpv6

which is not working. If I use the rule

sudo ip6tables -A FORWARD -d 2a03:2880:f11c::/32 -j DROP -p icmpv6

it works and drops the packets, but then I am not able to intercept these packets on eth0, which is what I am trying to do. I just want packets going out of eth0 to the outside to be dropped. How do I achieve this?

Michael Hampton:
You can't capture such packets on eth0 because they have already been dropped! Capture them on tun0 instead.
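
A simplified model of the behaviour discussed in the question and comment above, as an added example that is not part of the original posts: it shows which filter chain a packet traverses and on which interfaces a capture would see it. The prefix, tun0 and eth0 come from the question; the destination address and the function names are constructed for illustration.

```python
import ipaddress

# Prefix from the question. ip6tables applies the /32 mask, so only the first
# 32 bits (2a03:2880) take part in the match.
BLOCKED = ipaddress.ip_network("2a03:2880:f11c::/32", strict=False)

# Constructed destination inside that prefix (not taken from the page).
TARGET = ipaddress.ip_address("2a03:2880:f11c::1")


def filter_chain(in_if):
    """Filter-table chain for a packet that leaves the host.

    Locally generated packets have no input interface and traverse OUTPUT;
    packets received on one interface and routed out another traverse FORWARD.
    """
    return "OUTPUT" if in_if is None else "FORWARD"


def trace(rule_chain, in_if, out_if, dst):
    """Apply one '-A <rule_chain> -d BLOCKED -j DROP' rule to an ICMPv6 packet.

    Returns (verdict, interfaces on which a capture would show the packet).
    """
    # A capture on the receiving interface sees the packet before netfilter.
    seen = [in_if] if in_if is not None else []
    if filter_chain(in_if) == rule_chain and dst in BLOCKED:
        return "DROP", seen          # dropped before it reaches out_if
    # A capture on the sending interface sees only what survived the chains.
    seen.append(out_if)
    return "ACCEPT", seen


if __name__ == "__main__":
    cases = [
        ("OUTPUT rule, VPN client packet", "OUTPUT", "tun0"),
        ("FORWARD rule, VPN client packet", "FORWARD", "tun0"),
        ("OUTPUT rule, server's own packet", "OUTPUT", None),
    ]
    for label, chain, in_if in cases:
        verdict, seen = trace(chain, in_if, "eth0", TARGET)
        print(f"{label}: {verdict}, visible on {seen or 'no interface'}")
```

The first case is the OUTPUT rule from the question (the forwarded packet is never evaluated against it), and the second is the FORWARD rule, where the packet remains visible on tun0 only.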