nanog mailing list archives
IPv6 filtering at network edge?
From: Pete Ashdown <pashdown () xmission com>
Date: Sat, 13 Mar 2021 13:18:18 -0700
I'm tightening up some network-edge filters, and in the process of testing filtering with IPv6, I found that there is a lot of ICMP link-local (fe80::) to ff02:: activity at an IX. Is any of this necessary? I am wary of over-filtering that cuts down functionality and doesn't increase security. What of the IANA-reserved IPv6 addresses can be safely blocked on ingress/egress at the network edge?
Current thread:
- IPv6 filtering at network edge? Pete Ashdown (Mar 16)
- Re: IPv6 filtering at network edge? Saku Ytti (Mar 16)
- Re: IPv6 filtering at network edge? Mark Tinka (Mar 16)
- RE: [EXTERNAL]:Re: IPv6 filtering at network edge? ERCIN TORUN (Mar 17)
- Re: IPv6 filtering at network edge? Saku Ytti (Mar 16)