What is the most restrictive way to allow IPv6 ICMP requests on iptables?

This is what I have so far but it is pretty open.

-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT

If you have time, explaining the rules would be amazing.

Author: sunknudsen

Strange ICMP packet

I have an Ubuntu server with iptables that only allows echo request and reply for ICMP and logs and drops other ICMP traffic. There is an always-on SSH connection between this server and another Ubuntu server using autossh, with static IP addresses on both ends. So the traffic is pretty much predictable between these two servers. Today I saw a very strange ICMP packet:

IN=eth0 OUT= SRC=w.x.y.z DST=a.b.c.d LEN=96 TOS=0x00 PREC=0x00 TTL=250 ID=59072
[SRC=a.b.c.d DST=e.f.g.h LEN=360 TOS=0x08 PREC=0x20 TTL=1 ID=56477 PROTO=TCP SPT=3435 DPT=49728 WINDOW=107 RES=0x00 ACK PSH URGP=0 ]

My Server IP: a.b.c.d

Peer Server IP: e.f.g.h

Packet came from: w.x.y.z

What is this packet trying to do?

Author: Ken
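
The line quoted in the question has the shape the kernel LOG target gives an ICMP error message: the outer fields describe the packet that arrived, and the bracketed part is the header of the earlier packet that the error quotes. As an added example (not part of the original post), this parser separates the two and checks whether the quoted flow is one the server is expected to have sent; the sample line, its documentation addresses, the outer PROTO/TYPE/CODE values and the `triage` labels are constructed assumptions.

```python
import re

# Constructed sample in the kernel LOG target's format, using documentation
# addresses. PROTO/TYPE/CODE on the outer packet are assumed values; the line
# quoted in the post does not show them.
SAMPLE = (
    "IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=96 TOS=0x00 PREC=0x00 "
    "TTL=250 ID=59072 PROTO=ICMP TYPE=11 CODE=0 "
    "[SRC=192.0.2.10 DST=198.51.100.20 LEN=360 TOS=0x08 PREC=0x20 TTL=1 "
    "ID=56477 PROTO=TCP SPT=3435 DPT=49728 WINDOW=107 RES=0x00 ACK PSH URGP=0 ]"
)

FIELD = re.compile(r"(\w+)=(\S*)")
QUOTED = re.compile(r"\[(.*?)\]")


def parse_fields(text):
    """Return KEY=VALUE pairs as a dict plus the bare tokens (TCP flags)."""
    fields = dict(FIELD.findall(text))
    flags = [tok for tok in text.split() if "=" not in tok]
    return fields, flags


def parse_log_line(line):
    """Split a LOG line into the received packet and the packet it quotes."""
    match = QUOTED.search(line)
    quoted = None
    if match:
        fields, flags = parse_fields(match.group(1))
        quoted = {"fields": fields, "flags": flags}
        # Remove the quoted header so its TTL/SRC/DST cannot overwrite the outer ones.
        line = line[:match.start()] + line[match.end():]
    outer, _ = parse_fields(line)
    return {"outer": outer, "quoted": quoted}


def triage(parsed, local_ip, known_peers):
    """Relate an ICMP error to local traffic using only the quoted header."""
    quoted = parsed["quoted"]
    if quoted is None:
        return "no-quoted-packet"
    q = quoted["fields"]
    if q.get("SRC") != local_ip:
        return "quoted-packet-not-ours"  # error about traffic this host never sent
    if q.get("DST") not in known_peers:
        return "quoted-flow-unknown"
    return "quoted-flow-known"
```
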

Circumventing Local Subnet Control Restrictions with Iptables

I have three wireless speakers that, for security reasons, only permit local subnet control. My network is set up such that the wired and wireless devices are on separate subnets, so right now the speakers cannot be used from the wired clients. I can set up an Ubuntu 18.04 virtual machine with interfaces in both subnets, but am not familiar enough with iptables to configure the forwarding correctly.

The speakers have IP addresses,, and The wired clients exist in the subnet. Each speaker needs to have two ports (8000, 9000) reflected. My reflection virtual machine has interfaces in both subnets, and What is the correct iptables setup to do the following: -> via -> via -> via -> via -> via -> via

Does this setup make sense? Short of changing out the speakers for ones that are more compatible with my network setup, is there an easier way to do this that I did not think of?


Author: user986713