Re: IETF IPv6 platform configuration

To: Mark Andrews <Mark_Andrews at isc.org>
Subject: Re: IETF IPv6 platform configuration
From: Iljitsch van Beijnum <iljitsch at muada.com>
Date: Thu, 15 Jun 2006 09:28:21 +0200
Cc: wgchairs at ietf.org, ietf at ietf.org
In-reply-to: <200606142351.k5ENpLpa005766@drugs.dv.isc.org>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <200606142351.k5ENpLpa005766@drugs.dv.isc.org>

On 15-jun-2006, at 1:51, Mark Andrews wrote:

*	Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
        Native firewall (pings, traceroutes etc. are dropped)

Why? Shouldn't we be prompting good firewall practices?

	Droping ICMP was a knee jerk reaction to ICMP echo to
	directed broadcast addresses.  Modern routers can be
	configured to drop directed broadcast packets.

And all of this doesn't even apply to IPv6, it doesn't even support broadcasts in general or anything resembling directed broadcast. ICMP replies are also supposed to be rate limited in IPv6.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: IETF IPv6 platform configuration
  - From: Joe Touch

References:
- Re: IETF IPv6 platform configuration
  - From: Mark Andrews

Prev by Date: Re: Last Call: 'Proposed Experiment: Normative Format in Addition to ASCII Text' to Experimental RFC (draft-ash-alt-formats)
Next by Date: Re: Last Call: 'Proposed Experiment: Normative Format in Addition to ASCII Text' to Experimental RFC (draft-ash-alt-formats)
Previous by thread: Re: IETF IPv6 platform configuration
Next by thread: Re: IETF IPv6 platform configuration
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: IETF IPv6 platform configuration

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.