To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, add or correct the following line in '/etc/sysconfig/ip6tables': ':INPUT DROP [0:0]' If changes were required, reload the ip6tables rules: '$ sudo service ip6tables reload' [drop_incoming_pkt/accept_incoming_pkt] In 'ip6tables', the default policy is applied only after all the applicable rules in the table are examined for a match. Setting the default policy to 'DROP' implements proper design for a firewall, i.e. any packets which are not explicitly permitted should not be accepted. oval:org.secpod.oval:def:31026 oval:org.secpod.oval:def:30303 SCAP Repo OVAL Definition 2015-11-13