nanog mailing list archives

Re: Windows Updates Fail Via IPv6 - Update!


From: Mark Tinka <mark.tinka () seacom mu>
Date: Mon, 4 Mar 2019 10:00:03 +0200



On 4/Mar/19 09:12, Radu-Adrian Feurdean wrote:

Can we make a short rule that says: For ICMP, *ALLOW* *ALL* unless you do have a very specific and motivated reason 
to block some types.
I would even go as far as "allow all icmp from any to any" (and if possible as the first firewall rule), but I do 
understand that may make some people have hives.

Not to be the wet blanket, but we've been crying about this since before I
knew what CLI meant, and it either didn't work or has gotten even worse.
That is how we ended up with all manner of hacks to work around failure
to reliably deliver PTB messages.

We've been crying about the same during the IPv6 era, and we appear to
be running the same hacks for it too. Is there any reason to expect
things to change given the continued "crying about it" approach? Just
look at what I had to (unhappily) do over the weekend :-(.

I don't have the answers yet, but just because it now ends with a "6",
doesn't mean we shall necessarily drop our IPv4 bad habits. Perhaps it's
time to consider a different approach, if we don't want to resign
ourselves to the death of ICMP as we know it, and simply talking about
what could have been had its full potential been realized.

Mark.

