*filter
# default policy is DROP
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP
# allow ICMPv6 neighbor-solicitations
-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
# allow ICMPv6 neighbor-advertisements
-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
# log dropped packets
-A INPUT -j LOG --log-prefix " IN: "
-A OUTPUT -j LOG --log-prefix " OUT: "
COMMIT
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>