Re: IPV6 in enterprise best practices/white papaers

["Justin M. Streiner" <streiner () cluebyfour org>]

On Mon, 28 Jan 2013, Doug Barton wrote:

> On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote:
> >  - configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets)
>
> Hopefully that did not included filtering ICMPv6? :)

The level of IPv6 support in firewalls has been all over the place, even 
from vendors who have known IPv6 was coming for a long time ;)

I published a minimum IPv6 firewall ruleset for Cisco ASAs a while back on 
some other lists and got only a little feedback, so for the benefit of the 
NANOG community, I offer up:

http://www.cluebyfour.org/ipv6/

I will be testing the transition from 8.x to 9.x code in my lab as soon as 
this week, so I should have some updated to publish very soon.

Likewise, I'm in the process of getting a DHCPv6 server spun up as well, 
so I'll have some updates to publish there as well.

As always, suggestions and constructive feedback are always welcome.

jms