From: Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>
Subject: Unify IPv4 and IPv6 default setup to allow all outgoing traffic,
  and traffic on trusted and loopback interfaces. This helps prevent
  applications that rely on loopback connections (e.g. wxmaxima) from being
  broken.
Origin: upstream, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596170#30,
  backported to 1.9.2k by Michael Hanke
Bug-Debian: http://bugs.debian.org/596170
--- a/bin/arno-iptables-firewall
+++ b/bin/arno-iptables-firewall
@@ -4369,22 +4369,36 @@
 
   # When IPv4 support is active, disable IPv6 traffic
   if [ "$IPV6_SUPPORT" = "1" ]; then
-    echo "NOTE: IPv6 support enabled, setting default policy for IPv4 to DROP"
+    echo "NOTE: IPv6 support enabled, setting simple default policy for IPv4"
     ip4tables -P INPUT DROP
     ip4tables -P FORWARD DROP
-    ip4tables -P OUTPUT DROP
-  else
+    ip4tables -P OUTPUT ACCEPT
+
+    ip4tables -A INPUT -i lo -j ACCEPT
+    ip4tables -A FORWARD -i lo -j ACCEPT
+
+    IFS=' ,'
+    for interface in $INT_IF $TRUSTED_IF; do
+      ip4tables -A INPUT -i $interface -j ACCEPT
+    done
+  elif sysctl -a 2>/dev/null |grep -q "^net.ipv6.conf"; then
     # IPv6 support available on the system?
-    if sysctl -a 2>/dev/null |grep -q "^net.ipv6.conf"; then
-      if [ -x "$IP6TABLES" ]; then
-        echo "NOTE: IPv4 support enabled, setting default policy for IPv6 to DROP"
-        ip6tables -P INPUT DROP
-        ip6tables -P FORWARD DROP
-        ip6tables -P OUTPUT DROP
-      else
-        printf "\033[40m\033[1;31mWARNING: IPv4 support enabled, but unable to set the default policy\033[0m\n" >&2
-        printf "\033[40m\033[1;31m         for IPv6 to DROP as the ip6tables-binary is not available!\033[0m\n" >&2
-      fi
+    if [ -x "$IP6TABLES" ]; then
+      echo "NOTE: IPv4 support enabled, setting simple default policy for IPv6"
+      ip6tables -P INPUT DROP
+      ip6tables -P FORWARD DROP
+      ip6tables -P OUTPUT ACCEPT
+
+      ip6tables -A INPUT -i lo -j ACCEPT
+      ip6tables -A FORWARD -i lo -j ACCEPT
+
+      IFS=' ,'
+      for interface in $INT_IF $TRUSTED_IF; do
+        ip6tables -A INPUT -i $interface -j ACCEPT
+      done
+    else
+      printf "\033[40m\033[1;31mWARNING: IPv4 support enabled, but unable to set the default policy\033[0m\n" >&2
+      printf "\033[40m\033[1;31m         for IPv6 to DROP as the ip6tables-binary is not available!\033[0m\n" >&2
     fi
   fi
 
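Review bot: The comment kept at the top of this block, `# When IPv4 support is active, disable IPv6 traffic`, no longer describes the new code. The address family that the echo messages present as the secondary one now gets `-P OUTPUT ACCEPT` plus an unconditional `-A INPUT -i $interface -j ACCEPT` for every name in `$INT_IF` and `$TRUSTED_IF`, where all three chains used to be DROP. An administrator who trusts that comment will assume the family is closed, while hosts on the internal and trusted interfaces can reach every listening service over it and egress is unfiltered. I would reword it to something like `# Secondary address family: drop inbound/forwarded traffic, allow all outgoing traffic and all input on loopback, internal and trusted interfaces`. Separately, both branches assign `IFS=' ,'` without restoring it; whether later code relies on the default IFS cannot be judged here, because the enclosing block starts and ends outside the hunk.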
