Many residential broadband connections now come with a public IPv6 address. Following IPv4 habits, I allowed port 32400 and blocked every other inbound request with the rules below:

sudo ip6tables -A INPUT -p tcp --dport 32400 -j ACCEPT
sudo ip6tables -A INPUT -j DROP

Port 32400 still could not be reached. Listing the rules showed that almost all traffic was hitting the DROP rule:

Chain INPUT (policy ACCEPT 116K packets, 994M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:32400
19046 2663K DROP       all      *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 175K packets, 403M bytes)
 pkts bytes target     prot opt in     out     source               destination

Some searching turned up that IPv6 traffic makes heavy use of fe80::/16 for communication; I did not verify the exact reason. After adding the following rules, port 32400 became reachable:

sudo ip6tables -I INPUT -s fe80::0/16 -j ACCEPT
sudo ip6tables -I INPUT -d fe80::0/16 -j ACCEPT

The final rules:

Chain INPUT (policy ACCEPT 116K packets, 994M bytes)
 pkts bytes target     prot opt in     out     source               destination         
12841 1817K ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:32400
 5805 1836K ACCEPT     all      *      *       fe80::/16            ::/0                
    0     0 ACCEPT     all      *      *       ::/0                 fe80::/16           
19046 2663K DROP       all      *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 175K packets, 403M bytes)
 pkts bytes target     prot opt in     out     source               destination
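As an added example (not part of the original post), here is a stateful INPUT ruleset that exposes TCP/32400 without a blanket accept for fe80::/16: the traffic that the original DROP rule was killing is ICMPv6 Neighbor Discovery and Router Advertisements, which arrive from link-local sources, so allowing only the required ICMPv6 types plus established connections is the narrower fix. The port number is the one from the post; the ICMPv6 type list and the helper names are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post: a stateful ip6tables INPUT
# policy that exposes TCP/32400 without accepting all of fe80::/16
# (link-local is actually fe80::/10; the /16 in the post is a superset).
# IPv6 depends on ICMPv6 for Neighbor Discovery, Router Advertisements and
# Path MTU discovery; "-A INPUT -j DROP" after one TCP rule drops those too,
# so the host loses its neighbour cache and default route.

PORT=32400   # the service port from the post; change for other services

# ICMPv6 types IPv6 cannot work without (NDP, RAs, PMTUD, error reports)
# plus echo-request for reachability checks. Names are ip6tables icmp6 names.
ICMP6_TYPES="router-solicitation router-advertisement neighbour-solicitation \
neighbour-advertisement redirect packet-too-big destination-unreachable \
time-exceeded parameter-problem echo-request"

# Emit the rules as text so they can be reviewed before being applied.
gen_rules() {
    echo "ip6tables -F INPUT"
    echo "ip6tables -A INPUT -i lo -j ACCEPT"
    # Replies to our own outbound connections, matched first for speed.
    echo "ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    for t in $ICMP6_TYPES; do
        echo "ip6tables -A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # The exposed service; only new connections need this rule.
    echo "ip6tables -A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j ACCEPT"
    # Everything else is dropped, as in the original post.
    echo "ip6tables -A INPUT -j DROP"
}

# Sanity check on ordering: ICMPv6 and the service port must appear before
# the final DROP, otherwise the original bug is recreated.
check_order() {
    gen_rules | awk '
        /-j DROP$/ && !/INVALID/ { drop = NR }
        /ipv6-icmp/ && !drop     { icmp++ }
        /--dport/   && !drop     { port++ }
        END { exit (drop && icmp > 0 && port > 0) ? 0 : 1 }'
}

# Apply only when explicitly asked and running as root (ip6tables needs it);
# otherwise just print the generated rules for review.
case "${1:-}" in
    --apply) check_order && gen_rules | sh ;;
    *)       gen_rules ;;
esac
```

Run without arguments to review the rules, then `sh script.sh --apply` as root to load them.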