Il faut bien prendre conscience d'un truc, quand on a un serveur avec de l'ipv6, certains services comme sshd vont écouter en ipv6 et en ipv4

Si vous avez restreint l'acces au port SSH à certaines ips de confiances, il faut aussi faire l'opération avec ip6tables sinon vous êtes à poil en ipv6

Ce sont deux stacks complètement indépendantes

Description du format d'iptables-save

"This contains a few comments starting with a # sign. Each table is marked like <table-name>, for example mangle. Then within each table we have the chain specifications and rules. A chain specification looks like :<chain-name> <chain-policy> [<packet-counter>:<byte-counter>]. The chain-name may be for example PREROUTING, the policy is described previously and can, for example, be ACCEPT. Finally the packet-counter and byte-counters are the same counters as in the output from iptables -L -v. Finally, each table declaration ends in a COMMIT keyword. The COMMIT keyword tells us that at this point we should commit all rules currently in the pipeline to kernel. "