Re: IETF IPv6 platform configuration
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IETF IPv6 platform configuration

> *	Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6 
>         Native firewall (pings, traceroutes etc. are dropped)  

	Why?  Shouldn't we be prompting good firewall practices?

	Droping ICMP was a knee jerk reaction to ICMP echo to
	directed broadcast addresses.  Modern routers can be
	configured to drop directed broadcast packets.  The need
	to block ICMP has long gone.  All it does is make debugging
	the network harder.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.