From f0804e5184ec2bd3391b949a68cb2bac4e591cc5 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Sun, 26 Jun 2016 00:57:32 -0500
Subject: [PATCH] Remove IP6Tables rules - Not needed for the VPN to work
---
 docs/uninstall-zh.md | 2 --
 docs/uninstall.md | 2 --
 vpnsetup.sh | 31 -------------------------------
 vpnsetup_centos.sh | 26 --------------------------
 4 files changed, 61 deletions(-)
diff --git a/docs/uninstall-zh.md b/docs/uninstall-zh.md
index f637558..8f9bfa2 100644
--- a/docs/uninstall-zh.md
+++ b/docs/uninstall-zh.md
@@ -39,13 +39,11 @@ rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
 编辑 `/etc/iptables.rules` 并删除不需要的规则。
 你以前的防火墙规则(如果有)会备份在 `/etc/iptables.rules.old-日期-时间`。
 另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。
-如果使用 IPv6 ,还需编辑 `/etc/ip6tables.rules` 和/或 `/etc/iptables/rules.v6`。
 
 ### CentOS/RHEL
 
 编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。
 你以前的防火墙规则(如果有)会备份在 `/etc/sysconfig/iptables.old-日期-时间`。
-如果使用 IPv6 ,还需编辑 `/etc/sysconfig/ip6tables`。
 
 ## 第四步
 
diff --git a/docs/uninstall.md b/docs/uninstall.md
index bb2adab..8c5da78 100644
--- a/docs/uninstall.md
+++ b/docs/uninstall.md
@@ -39,13 +39,11 @@ rm -f /etc/init.d/ipsec /lib/systemd/system/ipsec.service
 Edit `/etc/iptables.rules` and remove unneeded rules.
 Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`.
 In addition, edit `/etc/iptables/rules.v4` if the file exists.
-If using IPv6, also edit `/etc/ip6tables.rules` and/or `/etc/iptables/rules.v6`.
 
 ### CentOS/RHEL
 
 Edit `/etc/sysconfig/iptables` and remove unneeded rules.
 Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`.
-If using IPv6, also edit `/etc/sysconfig/ip6tables`.
 
 ## Fourth step
 
diff --git a/vpnsetup.sh b/vpnsetup.sh
index f9e29e3..5a49400 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -392,29 +392,6 @@ if [ -f /etc/iptables/rules.v4 ]; then fi fi -# Create basic IPv6 rules -if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then -/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$sys_dt" 2>/dev/null -cat > /etc/ip6tables.rules < /etc/network/if-pre-up.d/iptablesload < /etc/network/if-pre-up.d/ip6tablesload </dev/null @@ -450,12 +421,10 @@ sysctl -e -q -p # Update file attributes chmod +x /etc/rc.local chmod +x /etc/network/if-pre-up.d/iptablesload -chmod +x /etc/network/if-pre-up.d/ip6tablesload chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd* # Apply new IPTables rules iptables-restore < /etc/iptables.rules -ip6tables-restore < /etc/ip6tables.rules >/dev/null 2>&1 # Restart services service fail2ban stop >/dev/null 2>&1 diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh index 890a59b..d050cbd 100755 --- a/vpnsetup_centos.sh +++ b/vpnsetup_centos.sh @@ -146,11 +146,6 @@ yum -y install ppp xl2tpd # Install Fail2Ban to protect SSH yum -y install fail2ban -# Install IP6Tables -if grep -qs "release 6" /etc/redhat-release; then - yum -y install iptables-ipv6 -fi - # Installed Libevent2 if grep -qs "release 6" /etc/redhat-release; then yum -y remove libevent-devel @@ -391,25 +386,6 @@ iptables-save >> /etc/sysconfig/iptables fi fi -# Create basic IPv6 rules -if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then -/bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$sys_dt" 2>/dev/null -cat > /etc/sysconfig/ip6tables < /etc/fail2ban/jail.local <> /etc/rc.local </dev/null 2>&1 # Restart services service fail2ban stop >/dev/null 2>&1