IPv6 Firewall/Security on OVZ
What do you do to secure IPv6 ports of your OpenVZ boxes?
It's not a problem to configure an iptables for IPv4. But when it comes to the IPv6... sigh Yes, you can install ip6tables. But most nodes doesn't have the support even for STATE module in kernel for IPv6. Means you have only basic firewall functions. But most of the services usually will listen on all interfaces/IPs (including IPv6) by default.
Means for example if you firewalled SSH on the IPv4, it will usually still stays open on IPv6 connections. If you enable DROP policy for the IPv6 INPUT tables, this will break your IPv6 connectivity, as no reverse packets will be passing through. And most of the times you cannot add the common automagical "-m state --state RELATED,ESTABLISHED -j ACCEPT". At least LEB boxes I've tried (except for the FRH - respect!) don't have a modules for ip6tables.
Lets assume you are using your LEB box for a single "public" service. Like webhosting, minecraft, etc.
So I wonder how to secure this point? Ask your provider to build some IPv6 modules and setup a correct firewalling on IPv6 (not everyone will agree)? Use a basic ip6tables as stateless firewall (rules are sick this way)? Disable IPv6 listening for private services (like SSH)? Don't care for now because IPv6 are rarely targeted by hackbots?