diff --git a/Pi-hole---OpenVPN-server.md b/Pi-hole---OpenVPN-server.md index 561537b..b73c2f0 100644 --- a/Pi-hole---OpenVPN-server.md +++ b/Pi-hole---OpenVPN-server.md @@ -146,4 +146,40 @@ num pkts bytes target prot opt in out source destina Chain OUTPUT (policy ACCEPT 83 packets, 11305 bytes) num pkts bytes target prot opt in out source destination -while there might be other rules in your table. Note that the order of the list entries matters! \ No newline at end of file +while there might be other rules in your table. Note that the order of the list entries matters! + +--- +### Optional: IPv6 + +Note that you will have to repeat the firewall setup using `ip6tables` if your server is also reachable via IPv6: + +``` +sudo ip6tables -A INPUT -i tun0 -p tcp --destination-port 53 -j ACCEPT +sudo ip6tables -A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT +sudo ip6tables -A INPUT -i tun0 -p udp --destination-port 53 -j ACCEPT +sudo ip6tables -A INPUT -i tun0 -p udp --destination-port 80 -j ACCEPT +sudo ip6tables -A INPUT -p tcp --destination-port 53 -j DROP +sudo ip6tables -A INPUT -p tcp --destination-port 80 -j DROP +sudo ip6tables -A INPUT -p udp --destination-port 53 -j DROP +sudo ip6tables -A INPUT -p udp --destination-port 80 -j DROP +``` + +``` +sudo ip6tables -L +Chain INPUT (policy ACCEPT) +target prot opt source destination +ACCEPT tcp anywhere anywhere tcp dpt:domain +ACCEPT tcp anywhere anywhere tcp dpt:http +ACCEPT udp anywhere anywhere udp dpt:domain +ACCEPT udp anywhere anywhere udp dpt:http +DROP tcp anywhere anywhere tcp dpt:domain +DROP tcp anywhere anywhere tcp dpt:http +DROP udp anywhere anywhere udp dpt:domain +DROP udp anywhere anywhere udp dpt:http + +Chain FORWARD (policy ACCEPT) +target prot opt source destination + +Chain OUTPUT (policy ACCEPT) +target prot opt source destination +``` \ No newline at end of file
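Review bot: The sample listing in the second added code block is produced by plain `sudo ip6tables -L`, which omits the in/out interface columns, so the four `-i tun0` ACCEPT rules print as `ACCEPT tcp anywhere anywhere tcp dpt:domain` and read as if ports 53 and 80 were accepted from every interface. A reader cannot use this output to confirm that the ACCEPT rules are bound to `tun0` before the DROP rules apply. Suggest listing with `sudo ip6tables -L -v --line-numbers` so the output carries the same `num pkts bytes target prot opt in out source destination` columns as the IPv4 listing in the context lines, which also makes visible the rule order that the preceding sentence says matters. Two smaller points: the `-p udp --destination-port 80` ACCEPT and DROP rules look unnecessary, since HTTP on port 80 is TCP, and the file still ends without a trailing newline after the closing fence.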