Re: IETF IPv6 platform configuration

Kevin Loch wrote:
> Sam Hartman wrote:
>> "secIETF" == IETF Secretariat <ietf-secretariat at ietf.org> writes:
>> secIETF> * Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
>> secIETF> Native firewall (pings, traceroutes etc. are dropped)
>>
>> Please make sure that ICMP messages needed for path MTU discovery are
>> not filtered.
>
> Is there a compelling reason to filter ICMP at all?
>
> - Kevin

This is not a trivial problem. There is a draft in progress which recommends what the v6ops wg believes ought to happen.
See http://www.ietf.org/internet-drafts/draft-ietf-v6ops-icmpv6-filtering-recs-00.txt
This does include making sure Packet Too Big errors are not dropped so that PMTU works,


This is just about to be very slightly updated but it is essentially finished.

It would be good if we ate our own dogfood in this case (and we can also test whether the draft has the answers right!)

Regards,
Elwyn



_______________________________________________ Ietf mailing list Ietf at ietf.org https://www1.ietf.org/mailman/listinfo/ietf
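
The filtering policy discussed in this thread can be modelled in a few lines. The following is an added example, not code from any message in the thread or from the IETF platform: it assumes well-known destination ports for the four permitted services, stateless matching and no IPv6 extension headers, and compares a filter that drops all ICMPv6 with one that lets Packet Too Big (type 2) through.

```python
import struct

# Assumptions (not from the thread): well-known destination ports for the four
# permitted services, stateless matching, and no IPv6 extension headers.
ALLOWED_TCP = {21, 25, 53, 80}    # FTP control, SMTP, DNS, HTTP
ALLOWED_UDP = {53}                # DNS
NH_TCP, NH_UDP, NH_ICMPV6 = 6, 17, 58
PACKET_TOO_BIG, ECHO_REQUEST = 2, 128   # ICMPv6 types (RFC 4443)

def verdict(packet: bytes, permit_ptb: bool) -> str:
    """Return 'accept' or 'drop' for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"                      # not a complete IPv6 header
    next_header, payload = packet[6], packet[40:]
    if next_header in (NH_TCP, NH_UDP) and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        allowed = ALLOWED_TCP if next_header == NH_TCP else ALLOWED_UDP
        return "accept" if dport in allowed else "drop"
    if next_header == NH_ICMPV6 and payload and permit_ptb:
        if payload[0] == PACKET_TOO_BIG:   # needed for path MTU discovery
            return "accept"
    return "drop"                          # everything else, pings included

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed packet between documentation addresses (2001:db8::/32)."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return header + src + dst + payload

# Constructed samples; checksums are left at zero because verdict() ignores them.
TCP_SYN = "!HHIIBBHHH"   # sport, dport, seq, ack, offset, flags, window, csum, urg
SAMPLES = {
    "http_syn": ipv6(NH_TCP, struct.pack(TCP_SYN, 40000, 80, 0, 0, 5 << 4, 2, 65535, 0, 0)),
    "telnet_syn": ipv6(NH_TCP, struct.pack(TCP_SYN, 40000, 23, 0, 0, 5 << 4, 2, 65535, 0, 0)),
    "dns_query": ipv6(NH_UDP, struct.pack("!HHHH", 40001, 53, 8, 0)),
    "echo_request": ipv6(NH_ICMPV6, struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 1, 1)),
    "packet_too_big": ipv6(NH_ICMPV6, struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, 1280)),
}

def evaluate(permit_ptb: bool) -> dict:
    """Verdict for every constructed sample under one of the two policies."""
    return {name: verdict(pkt, permit_ptb) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, flag in (("ICMPv6 fully filtered", False), ("Packet Too Big permitted", True)):
        print(label, evaluate(flag))
```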




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.