On Mon, 12 Jun 2006, Kevin Loch wrote:
Sam Hartman wrote:
"secIETF" == IETF Secretariat <ietf-secretariat@xxxxxxxx> writes:
secIETF> * Only HTTP, SMTP, FTP, and DNS traffic are permitted
through an IPv6 secIETF> Native firewall (pings, traceroutes
etc. are dropped)
Please make sure that ICMP messages needed for path MTU discovery are
not filtered.
Is there a compelling reason to filter ICMP at all?
IMHO, this is a valid question.
There also happens to be a document,
draft-ietf-v6ops-icmpv6-filtering-recs-00.txt that discusses this very
issue. It might be interesting to have folks read that and provide
feedback to v6ops list (v6ops@xxxxxxxxxxxx) if they think there's
something amiss with it.
The document just passed WG LC.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf