Re: IETF IPv6 platform configuration

On 15-jun-2006, at 1:51, Mark Andrews wrote:

*       Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
        Native firewall (pings, traceroutes etc. are dropped)

        Why?  Shouldn't we be prompting good firewall practices?

        Droping ICMP was a knee jerk reaction to ICMP echo to
        directed broadcast addresses.  Modern routers can be
        configured to drop directed broadcast packets.

And all of this doesn't even apply to IPv6, it doesn't even supportbroadcasts in general or anything resembling directed broadcast. ICMPreplies are also supposed to be rate limited in IPv6.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: Last Call: 'Proposed Experiment: Normative Format in Addition to ASCII Text' to Experimental RFC (draft-ash-alt-formats), Spencer Dawkins

Next by Date:

Re: Last Call: 'Proposed Experiment: Normative Format in Addition to ASCII Text' to Experimental RFC (draft-ash-alt-formats), John C Klensin

Previous by Thread:

Re: IETF IPv6 platform configuration, Mark Andrews

Next by Thread:

Re: IETF IPv6 platform configuration, Joe Touch

Indexes:

[Date] [Thread] [Top] [All Lists]