nanog mailing list archives
Re: IPv6 filtering
From: Franck Martin <franck () genius com>
Date: Wed, 26 Jan 2011 18:20:00 +1300 (FJST)
Well we filter icmp due to exploits, if no exploits, then we can let the whole of icmpv6 through. Or is there something terribly dangerous in icmpv6 already? ----- Original Message ----- From: "Roland Dobbins" <rdobbins () arbor net> To: "nanog group" <nanog () nanog org> Sent: Wednesday, 26 January, 2011 6:13:26 PM Subject: Re: IPv6 filtering On Jan 26, 2011, at 12:03 PM, Franck Martin wrote:
Ok filtering ipv6 and ipv6-icmp is understood, it is like ipv4.
Be advised, ICMPv6 is *not* like ICMP in IPv4, and knowing what can be filtered, what to filter, and where to filter it is considerably more complex than in IPv4 - which, given the prevalence of broken PMTU-D alone, is apparently not well-understood in many quarters, heh. ------------------------------------------------------------------------ Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay
Current thread:
- IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Roland Dobbins (Jan 25)
- Re: IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Paul Graydon (Jan 25)
- Re: IPv6 filtering Seth Mattinen (Jan 25)
- Message not available
- Re: IPv6 filtering Hank Nussbacher (Jan 25)
- Re: IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Roland Dobbins (Jan 25)
- Re: IPv6 filtering Owen DeLong (Jan 25)
- Re: IPv6 filtering Mark D. Nagel (Jan 25)
- Re: IPv6 filtering Michael Loftis (Jan 26)
- Re: IPv6 filtering Mark D. Nagel (Jan 25)
- Re: IPv6 filtering Mikael Abrahamsson (Jan 25)
- Re: IPv6 filtering Mohacsi Janos (Jan 25)