On 15-jun-2006, at 1:51, Mark Andrews wrote:
* Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
Native firewall (pings, traceroutes etc. are dropped)
Why? Shouldn't we be prompting good firewall practices?
Droping ICMP was a knee jerk reaction to ICMP echo to
directed broadcast addresses. Modern routers can be
configured to drop directed broadcast packets.
And all of this doesn't even apply to IPv6, it doesn't even support
broadcasts in general or anything resembling directed broadcast. ICMP
replies are also supposed to be rate limited in IPv6.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf