First off, what the ***** is ICMPv6? It stands for Internet Control Message Protocol version 6 and it’s basically just a way for devices on your network to communicate with each other using packets that contain information about errors or other issues. For example, if you try to ping a device that doesn’t exist, the ICMPv6 packet will tell you that the destination is unreachable.
Now IPTables in Kali Linux. This is a firewall tool that allows us to control incoming and outgoing traffic on our network. We can use it to block certain types of packets or allow them through based on specific criteria like source IP address, destination port number, etc.
So how do we set up ICMPv6 with IPTables in Kali Linux? First, let’s make sure that ICMPv6 is enabled by running the following command:
# This script enables ICMPv6 with IPTables in Kali Linux by setting up forwarding and creating a custom configuration file.
# First, we need to add a line to the custom configuration file to enable forwarding.
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.d/99-custom.conf
# Then, we use the sysctl command to reload the configuration file and apply the changes.
sysctl -p /etc/sysctl.d/99-custom.conf
This will add a line to the sysctl configuration file and reload it so that ICMPv6 is enabled on all interfaces.
Next, let’s create some rules in IPTables to allow incoming and outgoing traffic for ICMPv6 packets:
# This script adds rules to IPTables to allow incoming and outgoing ICMPv6 traffic.
# Allow incoming ICMPv6 echo requests (ping)
iptables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
# -A: appends the rule to the end of the specified chain
# INPUT: specifies the chain to which the rule will be added
# -p: specifies the protocol to match
# icmpv6: the protocol to match
# --icmpv6-type: specifies the type of ICMPv6 packet to match
# echo-request: the type of ICMPv6 packet to match
# -j: specifies the target action to take if the packet matches the rule
# ACCEPT: the target action to accept the packet
# Allow outgoing ICMPv6 echo replies (ping response)
iptables -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
# -A: appends the rule to the end of the specified chain
# OUTPUT: specifies the chain to which the rule will be added
# -p: specifies the protocol to match
# icmpv6: the protocol to match
# --icmpv6-type: specifies the type of ICMPv6 packet to match
# echo-reply: the type of ICMPv6 packet to match
# -j: specifies the target action to take if the packet matches the rule
# ACCEPT: the target action to accept the packet
These rules will allow incoming and outgoing traffic for ICMPv6 packets that contain the “echo request” or “echo reply” type.
Finally, let’s save our changes to IPTables so they persist across reboots:
#!/bin/bash
# This script saves IPTables rules to a file and loads them at boot time
iptables-save > /etc/iptables.rules # Saves current IPTables rules to a file named "iptables.rules" in the /etc directory
echo "*/5 * * * root iptables-restore < /etc/iptables.rules" >> /etc/crontab # Adds a cron job to the crontab file that will restore the saved IPTables rules every 5 minutes
# Note: The original script had a typo where it used a single ">" instead of ">>" which would overwrite the crontab file instead of appending to it.
# Also, the original script did not specify the full path for the crontab file, which could cause issues with the cron job being properly added.
This will save our IPTables rules to a file and add them to the cron job schedule so they are loaded automatically at boot time.
And that’s it! Now you should be able to ping devices on your network using ICMPv6 packets without any issues. If you have any questions or run into any problems, feel free to ask in the comments below.