[ipv6hackers] Operational ICMPv6 Filtering
daniel.bartram at bt.com
daniel.bartram at bt.com
Thu May 31 15:30:02 CEST 2012
Thanks Simon. This particular ACL was for a WAN facing link towards an ISP infrastructure where a static /127 is used. I wasn't sure, but I didn't think blocking type 4 would have any affect at all?
Dan.
-----Original Message-----
From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-bounces at lists.si6networks.com] On Behalf Of Simon Perreault
Sent: 31 May 2012 14:24
To: ipv6hackers at lists.si6networks.com
Subject: Re: [ipv6hackers] Operational ICMPv6 Filtering
On 2012-05-31 09:12, daniel.bartram at bt.com wrote:
> So as far as I'm aware, my ACL wouldn't affect the operation of IPv6 at all... Of course, I could be wrong?
As others have said, don't reinvent the wheel. Look at this:
http://tools.ietf.org/html/rfc4890#section-4.3
From the list of things that MUST NOT be dropped, you're missing type 4 codes 1 and 2. (unrecognized next header, unrecognized ipv6 option)
Simon
--
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server --> http://numb.viagenie.ca
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers
More information about the Ipv6hackers
mailing list