#!/bin/sh

iptables -F
ip6tables -F

iptables -I INPUT 1 -s 10.1.60.50 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP

iptables -I FORWARD 1 -m u32 --u32 "3&0x80>>7=1" -j DROP
iptables -I FORWARD 1 -d 192.168.1.1 -j DROP

iptables -I OUTPUT 1 -d 10.1.60.50 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -P OUTPUT DROP

ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
 
ip6tables -I FORWARD -m u32 --u32 "0&0x000fffff=0x000bad1e" -j DROP
ip6tables -I INPUT -m u32 --u32 "0&0x000fffff=0x000bad1e" -j DROP
ip6tables -I OUTPUT -m u32 --u32 "0&0x000fffff=0x000bad1e" -j DROP

ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A OUTPUT -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -j ACCEPT


ip6tables -A INPUT -d ff00::/8 -j ACCEPT
ip6tables -A OUTPUT -d ff00::/8 -j ACCEPT
