ufw

Just a quick note to let you know that www.nowhere.dk is now accessible through IPv6 $ host -t AAAA www.nowhere.dk www.nowhere.dk CNAME coredump.nowhere.dk coredump.nowhere.dk AAAA 2001:2010:0:2:0:0:0:DEAD The only thing I had to do was to enable IPv6 in Lighttpd, enable IPv6 in ufw (done in /etc/default/ufw) and then re-add any rules to ufw that affect IPv6 (like web and ssh). The last part is crucial and not very well documented....

Note: This is known to work for a machine acting as masquerading firewall for an entire network. I wanted to block connections to certain outbound ports. After some trial and errors I found something that works Add the following to /etc/ufw/before.rules: -A ufw-before-forward -s <SOURCE IP> ! -d <LOCAL NET>/24 -p tcp -m tcp --dport <DEST PORT> -j DROP it’s as simple as that. Remember to reload all the rules:...