Re: IETF IPv6 platform configuration

*     Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6 
        Native firewall (pings, traceroutes etc. are dropped)


        Why?  Shouldn't we be prompting good firewall practices?

        Droping ICMP was a knee jerk reaction to ICMP echo to
        directed broadcast addresses.  Modern routers can be
        configured to drop directed broadcast packets.  The need
        to block ICMP has long gone.  All it does is make debugging
        the network harder.

        Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: Last Call: 'Proposed Experiment: Normative Format in Addition to ASCII Text' to Experimental RFC (draft-ash-alt-formats), Robert Sayre

Next by Date:

Re: Best practice for data encoding?, Joe Touch

Previous by Thread:

Re: IETF IPv6 platform configuration, Elwyn Davies

Next by Thread:

Re: IETF IPv6 platform configuration, Iljitsch van Beijnum

Indexes:

[Date] [Thread] [Top] [All Lists]