From 65f74cd13da3d9cc852db1637ec61ce019ec1815 Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sun, 29 Oct 2017 20:39:10 +0100
Subject: testing: Added legacy ipv6-stroke scenarios

---
 .../hosts/dave/etc/ip6tables.rules                   | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules

(limited to 'testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules')

diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT  -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT  -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT  -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
-- 
cgit v1.2.3