This kind of setup is very complex and fragile during updates if you aren't experienced with the ins and outs of networking in Ubuntu. Sadly I haven't found any good tools for performing these functions on a vanilla Ubuntu install, but there are lots of Ubuntu derivatives that offer the functionality you describe. You may want to check out Untangle, or my personal favorite pfSense (FreeBSD based, has many advanced features). They are both great solutions, but I recommend pfSense because it has some more advanced networking features that require a support license to use in Untangle. Both install and function very well inside VirtualBox for testing, so that might be a good place to start.
If you really want to go through with this the hard way, I would strongly recommend this book http://www.amazon.com/gp/aw/d/0137081332 . It has lots of great information and will help you get started.
Update: one other thing I would recommend if doing it by hand: learn how to use a version control system and track your configuration files with it. Git, Mercurial, SVN, doesn't matter; it will save your life if you need to roll back a change that breaks something or track changes made to your configuration by an overzealous update package.
Add this to your kernel line in your boot loader to disable IPv6 altogether:
ipv6.disable=1
If you're using Grub (if you haven't installed your own boot-loader, then you are using Grub), your kernel line should look something like this:
linux /boot/vmlinuz-linux root=UUID=978e3e81-8048-4ae1-8a06-aa727458e8ff ipv6.disable=1
The recommended approach for adding something to the kernel line is to add the desired kernel parameter to the GRUB_CMDLINE_LINUX_DEFAULT variable in the /etc/default/grub file:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
Once you've added that to /etc/default/grub, run the following command to regenerate your grub.cfg:
sudo grub-mkconfig -o /boot/grub/grub.cfg
Alternatively, adding ipv6.disable_ipv6=1 instead will keep the IPv6 stack functional but will not assign IPv6 addresses to any of your network devices.
OR
To disable IPv6 via sysctl, place the following into your /etc/sysctl.conf file:
net.ipv6.conf.all.disable_ipv6 = 1
Don't forget to comment out any IPv6 hosts in your /etc/hosts file:
#::1 localhost.localdomain localhost
NOTE: A reboot may be required for the sysctl method, and a reboot is definitely required for the kernel line approach.
OR
To temporarily disable ipv6:
sysctl -w net.ipv6.conf.all.disable_ipv6=1
To temporarily enable it:
sysctl -w net.ipv6.conf.all.disable_ipv6=0
So if you need to disable ipv6 on a given condition, then write a bash script somewhere along these lines:
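#!/bin/bash
# Run as root: sysctl -w needs privileges to change the setting.
# connected_to_vpn is a placeholder; replace it with your own check
# that succeeds (exit status 0) while the VPN is up.

# Current value of the setting: 1 = IPv6 disabled, 0 = enabled.
ipv6_disabled="$(sysctl net.ipv6.conf.all.disable_ipv6 | awk '{print $NF}')"

if (connected_to_vpn &> /dev/null); then
    # On the VPN: disable IPv6 unless it is already disabled.
    (($ipv6_disabled)) || sysctl -w net.ipv6.conf.all.disable_ipv6=1
else
    # Off the VPN: re-enable IPv6 if it is currently disabled.
    (($ipv6_disabled)) && sysctl -w net.ipv6.conf.all.disable_ipv6=0
fi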
NOTE: You might need to disable any ipv6 hosts in your /etc/hosts file for this method too, just as I recommended in the previous method.
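A read-only check for the settings described in the answer above, as an added example that is not part of the original answer: it reports which disable parameter a kernel line carries, which interface scopes still have disable_ipv6 set to something other than 1, and which IPv6 entries are still active in a hosts file. The function names and all sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the IPv6-disable settings without changing anything.

# Classify a kernel command line: "boot" for ipv6.disable=1,
# "addr-only" for ipv6.disable_ipv6=1, "none" otherwise.
cmdline_ipv6_mode() {
    case " $1 " in
        *" ipv6.disable=1 "*)      echo boot ;;
        *" ipv6.disable_ipv6=1 "*) echo addr-only ;;
        *)                         echo none ;;
    esac
}

# Read `sysctl -a`-style lines on stdin and print every scope
# (all, default, or an interface name) whose disable_ipv6 is not 1.
ipv6_enabled_scopes() {
    awk -F'[ =]+' '/^net\.ipv6\.conf\.[^.]+\.disable_ipv6/ {
        split($1, part, "."); if ($2 != 1) print part[4]
    }'
}

# Read hosts-file lines on stdin and print IPv6 addresses that are
# not commented out.
ipv6_hosts_entries() {
    awk '$1 !~ /^#/ && $1 ~ /:/ { print $1 }'
}

# Constructed sample input (not taken from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=<constructed> ro ipv6.disable_ipv6=1'
SAMPLE_SYSCTL='net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 0'
SAMPLE_HOSTS='127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
#fe00::0 ip6-localnet'

echo "kernel line mode: $(cmdline_ipv6_mode "$SAMPLE_CMDLINE")"
echo "scopes with IPv6 still enabled:"
printf '%s\n' "$SAMPLE_SYSCTL" | ipv6_enabled_scopes
echo "active IPv6 hosts entries:"
printf '%s\n' "$SAMPLE_HOSTS" | ipv6_hosts_entries

# On a live system, feed the functions real data instead:
#   cmdline_ipv6_mode "$(cat /proc/cmdline)"
#   sysctl -a 2>/dev/null | ipv6_enabled_scopes
#   ipv6_hosts_entries < /etc/hosts
```

An empty list from ipv6_enabled_scopes on a live system means either every scope is set to 1 or the net.ipv6 keys are absent because the stack was disabled at boot; the kernel line mode tells the two apart.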
Best Answer
Here is one easy way to do it. My answer is going to assume that you have disabled all other firewall rules / packages you have tried.
Ubuntu has a nice, very simple command line interface to "iptables" (Linux firewall), which is called UFW for Uncomplicated FireWall.
Simply do this:
You'll see that your firewall is currently inactive:
"Status: inactive"
If you then issue the following command:
You'll then get this message if it worked:
"Firewall is active and enabled on system startup"
Final Thoughts / Wrap Up:
Honestly this is all you'll probably need as the default ufw policy allows all outbound traffic (i.e. you surfing, downloading, etc) and blocks all inbound traffic to your box.
If you wanted to allow say... ssh/scp connections to your box/laptop for some reason, you could simply add a rule such as this:
In my opinion the syntax / commands are very simple and a gui app or overlay isn't bad, but not necessarily needed for what you seem to be wanting to achieve.
For more info check out the community docs on UFW here: https://help.ubuntu.com/community/UFW
I hope this has been helpful. =)
##### EDIT ##### (adding this in case people don't see my comment reply below and to add a resource link)
If you are wanting to open up certain ports click this link and look up all the ports you need (tcp and/or udp) for the services you listed: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Then to open that port up from anywhere to your machine do this:
or
If you only want to open it up to ONLY your home 192.168.1.x network you could do this:
or