Service users are allowed to add custom firewall rules. To do so place configuration files containing iptables rules in the directory local at /var/lib/iptables/rules.d/filter or /var/lib/ip6tables/rules.d/filter according the appropriate iptables chain. The filenames have to start with at least two digits and are joined together by ascending numbers.

For example, to add a ruleset for outgoing IPv6 connections, place a configuration file at /var/lib/ip6tables/rules.d/filter/OUTPUT/local/60custom

Altered configuration files are activated on a regular basis by a cron job every 10 minutes. Alternatively, service users (or those with sudo-srv permissions) can trigger an update run manually:

sudo localconfig