# By default don't accept anything
# Allow existing connections to continue and related connections to start
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Adding a network address and port translation function requires a few more rules, but beyond that the implementation complexity is exactly the same.
Which means all of your IPv4 work for a NAT firewall translates seamlessly to an IPv6 stateless firewall. The functionality has existed in the Linux kernel since what looks like November of 2005 and was released in 2.6.15 or 2.6.16.
If you look carefully you can even find consumer routers with stateful IPv6 firewalls.
An IPv6 stateful firewall looks just like an IPv4 NAT firewall except it doesn't scramble your IP address and port number.
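The comparison made in the comment above, written out as an added example (not the commenter's own ruleset): one shell function emits an iptables-restore ruleset for either address family, so the shared stateful rules and the IPv4-only translation rule can be seen side by side. The interface names `lan0` and `wan0`, the FORWARD rules and the OUTPUT ACCEPT policy are assumptions.

```shell
#!/bin/sh
# Added example. ruleset 4 -> IPv4 stateful firewall with NAT (masquerade)
#                ruleset 6 -> IPv6 stateful firewall, same filter, no NAT
# lan0/wan0 are assumed interface names; pass others as $2 and $3.
# Syntax check without loading: ruleset 6 | ip6tables-restore --test
ruleset() {
    family=$1
    lan=${2:-lan0}
    wan=${3:-wan0}
    if [ "$family" = 4 ]; then
        # The "few more rules" for address and port translation.
        cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
    fi
    # Default-drop filter table, identical for both families.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
EOF
    if [ "$family" = 6 ]; then
        # The firewall host itself needs ICMPv6 for neighbor discovery.
        # ICMPv6 errors for forwarded flows already match RELATED.
        echo "-A INPUT -p ipv6-icmp -j ACCEPT"
    fi
    echo "COMMIT"
}

# Print both rulesets for comparison.
ruleset 4
ruleset 6
```

With a default-drop INPUT chain, the ICMPv6 rule is the one IPv6-specific addition: without it neighbor discovery to the firewall host fails.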