Network technology-IPv6 applications for Linux networks (2)

Source: Internet
Author: User
-F: clears all predefined rules;

-X: deletes all user-defined chains.

-Z: resets the packet and traffic counters of all chains to zero.
  
(2) Establish policies

# ip6tables [-t tables] [-P] [INPUT, OUTPUT, FORWARD, PREROUTING, OUTPUT, POSTROUTING] [ACCEPT, DROP] [-p TCP, UDP] [-s IP/network] [--sport ports] [-d IP/network] [--dport ports] -j
  
Parameter description:
  
-t: specifies the table.

tables: table name,

-P: defines the policy.

INPUT: packets entering the host;

OUTPUT: packets leaving the host;

FORWARD: packets passed through the host on their way out to another destination;

PREROUTING: processing performed before the routing decision;

OUTPUT: packets leaving the host;

POSTROUTING: processing performed after the routing decision.

TCP: TCP packets.

UDP: UDP packets;

-s: IP address or network of the packet's source.

--sport: source port number of the packet.

-d: IP address or network of the target host.

--dport: port number of the target host.

ACCEPT: accepts the packet.

DROP: drops the packet.
  
(3) Examples:

1. Allow ICMPv6 packets to enter the host (that is, the host's IPv6 address can be pinged):

# /sbin/ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT

2. Allow ICMPv6 packets to leave the host:

# ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT

3. Allow the IP address 3ffe:ffff:100::1/128 to connect using SSH:

# ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:ffff:100::1/128 --sport 512:65535 --dport 22 -j ACCEPT
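
The flush, policy and rule steps above combined into one ruleset, as an added example that is not part of the original article. The script only prints ip6tables-restore input and applies nothing; the function names and the stateless SSH reply rule on OUTPUT are assumptions added here, while the interface and address are the article's sample values.

```shell
#!/bin/sh
# Added example: emit (do not apply) a default-deny IPv6 ruleset in
# ip6tables-restore format. Loading it replaces the filter table, which
# covers the -F/-X flush step; the ":CHAIN DROP" lines are the -P policies.

# Accept only strings that look like an IPv6 address with a prefix length,
# so a garbled value such as "3ffe: ffff: 100: 1/128" never reaches a rule.
valid_src() {
    case "$1" in
        ''|*[!0-9a-fA-F:/]*) return 1 ;;   # empty, spaces, dots, letters g-z
        *:*/*) return 0 ;;                 # has a colon and a /prefix
        *) return 1 ;;
    esac
}

# build_ruleset IFACE SSH_SRC  (hypothetical helper, not an ip6tables command)
build_ruleset() {
    iface=$1
    ssh_src=$2
    valid_src "$ssh_src" || { echo "bad source: $ssh_src" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i $iface -p icmpv6 -j ACCEPT
-A OUTPUT -o $iface -p icmpv6 -j ACCEPT
-A INPUT -i $iface -p tcp -s $ssh_src --sport 512:65535 --dport 22 -j ACCEPT
-A OUTPUT -o $iface -p tcp -d $ssh_src --sport 22 --dport 512:65535 ! --syn -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the article's sample interface and address.
build_ruleset 'sit+' '3ffe:ffff:100::1/128'
```

As root, piping the output to `ip6tables-restore --test` parses the ruleset without committing it. The last OUTPUT rule is needed because a DROP policy on OUTPUT would otherwise discard the SSH server's replies.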
  
The full name of SSH is Secure Shell. By using SSH, you can encrypt all transmitted data so that "man-in-the-middle" attacks are impossible, and it can also prevent DNS and IP spoofing. Another advantage is that the transmitted data is compressed, which can speed up transmission. SSH has many functions: it can replace telnet and provide a secure "channel" for ftp, pop, and even ppp. SSH is bound to port 22, and its connections are encrypted using RSA through negotiation. After the authentication is complete, all subsequent traffic is encrypted using IDEA. The SSH program can log on to a remote host over the network and execute commands. The SSH encrypted tunnel only protects the data in transit, so that common sniffing tools cannot obtain the content being sent.
  
Security tools for IPv6 networks
  
Nmap is released under the Free Software Foundation's GNU General Public License (GPL). It is developed and maintained by Fyodor and can be downloaded for free from www.insecure.org/nmap. Nmap is an excellent port scanning tool that works against a single host as well as a large network. It features high speed and security, and can bypass the firewall. It supports multiple protocols, such as TCP, UDP, and ICMP. Nmap also has many performance and reliability features, such as dynamic latency calculation, packet timeout and retransmission, parallel port scanning, and detection of down hosts through parallel ping6. It supports IPv6. Download link: http://gd.tuwien.ac.at/infosys/security/nmap/nmap-3.48.tgz
  
The nmap compilation and installation process is as follows:

# tar zxvf nmap-3.48.tgz

# cd nmap-3.48

# ./configure; make install