* Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
Native firewall (pings, traceroutes etc. are dropped)
Why? Shouldn't we be prompting good firewall practices?
Droping ICMP was a knee jerk reaction to ICMP echo to
directed broadcast addresses. Modern routers can be
configured to drop directed broadcast packets. The need
to block ICMP has long gone. All it does is make debugging
the network harder.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf