run ip6tables -N accept-non-init-frag
run ip6tables -A accept-non-init-frag -j RETURN \
-m frag --fragfirst
-run ip6tables -A accept-non-init-frag -j ACCEPT
+run ip6tables -A accept-non-init-frag -j ACCEPT \
+ -m ipv6header --header frag
m4_divert(20)m4_dnl
## allowservices CHAIN PROTO SERVICE ...
ntpchain=$1; shift
clearchain ntp-servers
- for ntp; do run iptables -A ntp-servers -j ACCEPT -s $ntp; done
- run iptables -A $ntpchain -j ntp-servers \
+ for ntp; do
+ case $ntp in *:*) ipt=ip6tables ;; *) ipt=iptables ;; esac
+ run $ipt -A ntp-servers -j ACCEPT -s $ntp;
+ done
+ run ip46tables -A $ntpchain -j ntp-servers \
-p udp --source-port 123 --destination-port 123
}