I finally got an ISP connection with working IPv6 and now I need to add
firewall rules for forwarding connections from my LAN to the WAN. I'm using
firewalld to handle the high-level description that gets translated to
iptables/ip6tables on CentOS 7.
Of course, with IPv6, one doesn't do NAT, so the usual masquerade target
doesn't make sense. But I want similar connection logic, with no inbound
connections allowed to LAN clients and all outbound connections allowed.
How does one express this in either firewalld or its ip6tables "direct
rules"?
I don't currently need port-forwarding to internal servers but, for
completeness, what would such rules look like?
