*filter

# default policy is DROP
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP

# allow ICMPv6 neighbor-solicitations
-A INPUT  -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT

# allow ICMPv6 neighbor-advertisements
-A INPUT  -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT

# log dropped packets
-A INPUT  -j LOG --log-prefix " IN: "
-A OUTPUT -j LOG --log-prefix " OUT: "

COMMIT