[135495] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IPv6 filtering

daemon@ATHENA.MIT.EDU (Seth Mattinen)
Wed Jan 26 00:24:29 2011

Date: Tue, 25 Jan 2011 21:20:20 -0800
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <9FC10AEC-9B96-4BFC-8261-2F6332F616AE@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 1/25/11 9:13 PM, Roland Dobbins wrote:
> 
> On Jan 26, 2011, at 12:03 PM, Franck Martin wrote:
> 
>> Ok filtering ipv6 and ipv6-icmp is understood, it is like ipv4. 
> 
> Be advised, ICMPv6 is *not* like ICMP in IPv4, and knowing what can be filtered, what to filter, and where to filter it is considerably more complex than in IPv4 - which, given the prevalence of broken PMTU-D alone, is apparently not well-understood in many quarters, heh.
> 


Also, try to resist popular opinion in outright blocking of ICMP - it's
not really that evil.

~Seth


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[135495] in North American Network Operators' Group

Re: IPv6 filtering

daemon@ATHENA.MIT.EDU (Seth Mattinen)Wed Jan 26 00:24:29 2011

daemon@ATHENA.MIT.EDU (Seth Mattinen)
Wed Jan 26 00:24:29 2011