diff --git a/roles/common/templates/00-base.conf.j2 b/roles/common/templates/00-base.conf.j2
index bf796d9b908f6073d5a7a43d968945d1ca87d77a..7472d14e87bdcfb02ce3a7a1e64176037194d31f 100644
--- a/roles/common/templates/00-base.conf.j2
+++ b/roles/common/templates/00-base.conf.j2
@@ -1,34 +1,77 @@
-table filter {
- chain INPUT {
- policy DROP;
- interface lo ACCEPT;
- # Make sure not to allow flooding via ICMP ping packages by sending them
- # to flood chain before state module kicks in.
- proto icmp icmp-type echo-request jump flood;
- mod state state (ESTABLISHED RELATED) ACCEPT;
- # For TCP packages we perform floods checks after state module took care
- # of established and related connections.
- proto tcp tcp-flags (FIN SYN RST ACK) SYN jump flood;
- # Accept some common incoming connections.
- proto icmp icmp-type echo-request ACCEPT;
- proto tcp dport 22 ACCEPT;
+# IPv4
+domain ip {
+ table filter {
+ chain INPUT {
+ policy DROP;
+ interface lo ACCEPT;
+ # Make sure not to allow flooding via ICMP ping packages by sending them
+ # to flood chain before state module kicks in.
+ proto icmp icmp-type echo-request jump flood;
+ mod state state (ESTABLISHED RELATED) ACCEPT;
+ # For TCP packages we perform floods checks after state module took care
+ # of established and related connections.
+ proto tcp tcp-flags (FIN SYN RST ACK) SYN jump flood;
+ # Accept some common incoming connections.
+ proto icmp icmp-type echo-request ACCEPT;
+ proto tcp dport 22 ACCEPT;
+ }
+
+ # The flood chain is used for controlling the rate of the incoming connections.
+ chain flood {
+ # Rate-limit the ping requests.
+ proto icmp icmp-type echo-request {
+ mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
+ hashlimit-mode srcip hashlimit-name icmp RETURN;
+ DROP;
+ }
+ # Rate-limit the TCP connections.
+ proto tcp tcp-flags (FIN SYN RST ACK) SYN {
+ mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
+ hashlimit-mode srcip hashlimit-name icmp RETURN;
+ LOG;
+ DROP;
+ }
+ }
 }
+}
- # The flood chain is used for controlling the rate of the incoming connections.
- chain flood {
- # Rate-limit the ping requests.
- proto icmp icmp-type echo-request {
- mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
- hashlimit-mode srcip hashlimit-name icmp RETURN;
- DROP;
+# IPv6, same as IPv4 config, with addition of a couple of ICMP packets.
+domain ip6 {
+ table filter {
+ chain INPUT {
+ policy DROP;
+ interface lo ACCEPT;
+ # Make sure not to allow flooding via ICMP ping packages by sending them
+ # to flood chain before state module kicks in.
+ proto icmp icmp-type echo-request jump flood;
+ mod state state (ESTABLISHED RELATED) ACCEPT;
+ # For TCP packages we perform floods checks after state module took care
+ # of established and related connections.
+ proto tcp tcp-flags (FIN SYN RST ACK) SYN jump flood;
+ # ICMPv6 packets required for proper functioning of IPv6.
+ proto icmp icmp-type router-advertisement ACCEPT;
+ proto icmp icmp-type neighbor-solicitation ACCEPT;
+ proto icmp icmp-type neighbor-advertisement ACCEPT;
+ # Accept some common incoming connections.
+ proto icmp icmp-type echo-request ACCEPT;
+ proto tcp dport 22 ACCEPT;
 }
- # Rate-limit the TCP connections.
- proto tcp tcp-flags (FIN SYN RST ACK) SYN {
- mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
- hashlimit-mode srcip hashlimit-name icmp RETURN;
- LOG;
- DROP;
+
+ # The flood chain is used for controlling the rate of the incoming connections.
+ chain flood {
+ # Rate-limit the ping requests.
+ proto icmp icmp-type echo-request {
+ mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
+ hashlimit-mode srcip hashlimit-name icmp RETURN;
+ DROP;
+ }
+ # Rate-limit the TCP connections.
+ proto tcp tcp-flags (FIN SYN RST ACK) SYN {
+ mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
+ hashlimit-mode srcip hashlimit-name icmp RETURN;
+ LOG;
+ DROP;
+ }
+ }
 }
- }
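Review bot: The new `domain ip6` INPUT rules match ICMPv6 with `proto icmp icmp-type ...`, whereas ferm documents ICMPv6 matching as `proto ipv6-icmp icmpv6-type ...`; unless the installed ferm version rewrites `icmp` inside the ip6 domain, ip6tables will reject these rules at load time and, under `policy DROP`, neighbour discovery and ping would be silently dropped, so confirm the generated rules with `ferm --noexec --lines` before rollout. The three ND/RA accepts also take packets from any source and any hop limit; RFC 4861 requires hop limit 255 for these messages, so `proto ipv6-icmp icmpv6-type router-advertisement mod hl hl-eq 255 ACCEPT;` (and the same for the two neighbor types) shuts out off-link spoofed advertisements, and the RA rule is only needed at all if the hosts rely on SLAAC. Both flood-chain rules reuse `hashlimit-name icmp`, so ping and SYN arrivals are counted in one per-source bucket table in each domain; giving the TCP rule `hashlimit-name tcp` keeps the two limits independent. The closing brace of `domain ip6` is not visible, so the hunk appears to extend past this chunk.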