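#!/bin/bash
# 20060623 iptables_acc_lo hse@ukr.net
# Distributed under the terms of the GNU General Public License v2
#
# Example iptables script for a ppp workstation with byte accounting.
# Only loopback traffic is accepted; everything else falls through to the
# DROP policies of the filter table.
#
# NOTE(review): despite the name, this script drives the binary assigned to
# ${iptables} below, which is /sbin/ip6tables, and uses an IPv6 loopback
# address -- it configures the IPv6 tables only. Confirm that the init
# script named in the installation steps stops and saves the IPv6 tables too.
#
# Installation:
#   /etc/init.d/iptables stop
#   ./iptables_acc_lo
#   /etc/init.d/iptables save

# Abort on the first failing command and on unset variables: a partially
# applied ruleset, or an empty -i/-s argument produced by a typo in the
# configuration variables below, must not go unnoticed.
set -eu

iptables="/sbin/ip6tables"

# Fail with one clear message when the binary is missing instead of letting
# every rule below fail on its own.
if [[ ! -x "${iptables}" ]]; then
  printf '%s: %s not found or not executable\n' "${0##*/}" "${iptables}" >&2
  exit 1
fi

#  0  *******************       VARIABLE setup   *****************************
# Before running this script, set up the configuration of your network here:
# begin

# Interface setup
LoopInterface="lo"

# IP address setup
LoopIP="::1/128"

# Check for some kernel modules
# (all disabled; the loopback-only rules below need none of them)

#modprobe iptable_nat
#modprobe ip_nat_ftp
#modprobe ip_conntrack
#modprobe ip_contrack_ft
#modprobe ...
# end

# Required proc configuration (all disabled; kept as a template)
# NOTE(review): these are IPv4 sysctl names placed under the ipv6 tree.
# IPv6 forwarding is controlled by /proc/sys/net/ipv6/conf/all/forwarding,
# and IPv6 has no rp_filter, proxy_arp or ip_dynaddr -- verify each path
# before enabling any of these lines.
# Enable forwarding
#echo 1 > /proc/sys/net/ipv6/ip_forward
# no IP spoofing
#if [ -e /proc/sys/net/ipv6/conf/all/rp_filter ]
#  then
#    for i in /proc/sys/net/ipv6/conf/*/rp_filter
#      do
#       echo 1 > "$i"
#      done
#fi
# Disable Source Routed Packets
#for i in /proc/sys/net/ipv6/conf/*/accept_source_route
#  do
#    echo 0 > "$i"
#  done
#echo 0 > /proc/sys/net/ipv6/conf/all/proxy_arp
#echo 0 > /proc/sys/net/ipv6/ip_dynaddr

# Feel free to change the following firewall rules to suit your setup.

#   I  *******************       FILTERING TABLE rules           ****************************

# Start from an empty filter table so that re-running the script does not
# append duplicate rules. The "iptables stop" installation step does the
# same, but the script should not depend on it.
"${iptables}" -F
"${iptables}" -X

# (0) Policies (default)
# Set before any ACCEPT rule: if the script aborts further down, the host
# fails closed (everything dropped) rather than open.

"${iptables}" -P INPUT DROP
"${iptables}" -P OUTPUT DROP
"${iptables}" -P FORWARD DROP

# (1) User-defined chains for ACCEPTed TCP packets
# from Internet

# (2) INPUT chain rules

# Rules for incoming packets from the local computer
"${iptables}" -A INPUT -p ALL -i "${LoopInterface}" -s "${LoopIP}" -j ACCEPT

# TCP rules

# UDP rules

# ICMP rules

# (3) FORWARD chain rules

# ACCEPT packets we want to forward
# No one

# (4) OUTPUT chain rules

# Only output packets from local addresses (no spoofing)
"${iptables}" -A OUTPUT -p ALL -o "${LoopInterface}" -s "${LoopIP}" -j ACCEPT

#  II   *****************       MANGLE TABLE rules         *****************************

# (0) Policies (default)

#"${iptables}" -t mangle -P PREROUTING DROP
#"${iptables}" -t mangle -P INPUT DROP
#"${iptables}" -t mangle -P FORWARD DROP
#"${iptables}" -t mangle -P OUTPUT DROP
#"${iptables}" -t mangle -P POSTROUTING DROP

# (1) Mangle USER-defined chain rules

# (2) Mangle PREROUTING chain rules

# Rules for incoming packets from the local computer
#"${iptables}" -t mangle -A PREROUTING -p ALL -i "${LoopInterface}" -s "${LoopIP}" -j ACCEPT

# Rules for incoming packets from the Internet

# (3) Mangle INPUT chain rules
#"${iptables}" -t mangle -A INPUT -p ALL -i "${LoopInterface}" -s "${LoopIP}" -j ACCEPT

# (4) Mangle FORWARD chain rules

# (5) Mangle OUTPUT chain rules
#"${iptables}" -t mangle -A OUTPUT -p ALL -o "${LoopInterface}" -s "${LoopIP}" -j ACCEPT

# (6) Mangle POSTROUTING chain rules

# Only output packets from local addresses (no spoofing)
#"${iptables}" -t mangle -A POSTROUTING -p ALL -o "${LoopInterface}" -s "${LoopIP}" -j ACCEPT

#  III  *****************         NAT TABLE rules   (NOT IMPLEMENTED YET)       *******************************
# NOTE(review): these templates carry IPv4 idioms (the 0/0 source, REDIRECT
# on the nat table); check them against the ip6tables version in use before
# enabling any of them.

# (0) Policies (default)

#"${iptables}" -t nat -P PREROUTING DROP
#"${iptables}" -t nat -P OUTPUT DROP
#"${iptables}" -t nat -P POSTROUTING DROP

# (1) NAT USER-defined chain rules

# (2) PREROUTING chain rules: REDIRECTION and PORT MAPPING

#"${iptables}" -t nat -A PREROUTING -p tcp -i "${LoopInterface}" -s 0/0 -d "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED --dport 21 -j REDIRECT --to-ports 10021
#"${iptables}" -t nat -A PREROUTING -p tcp -i "${LoopInterface}" -s 0/0 -d "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED --dport 22 -j REDIRECT --to-ports 10022
#"${iptables}" -t nat -A PREROUTING -p tcp -i "${LoopInterface}" -s 0/0 -d "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED --dport 80 -j REDIRECT --to-ports 10080
#"${iptables}" -t nat -A PREROUTING -p tcp -i "${LoopInterface}" -s 0/0 -d "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED --dport 443 -j REDIRECT --to-ports 10443

# INPUT
# Rules for incoming packets from the local computer
#"${iptables}" -t nat -A PREROUTING -p ALL -i "${LoopInterface}" -s "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Rules for incoming packets from the Internet

# (3) OUTPUT chain rules
# Only output packets from local addresses (no spoofing)
#"${iptables}" -t nat -A OUTPUT -p ALL -o "${LoopInterface}" -s "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# (4) POSTROUTING chain rules: NAT or MASQUERADE

#"${iptables}" -t nat -A POSTROUTING -p ALL -o "${LoopInterface}" -s "${LoopIP}" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

exit 0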