On 15-jun-2006, at 1:51, Mark Andrews wrote:
* Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6 Native firewall (pings, traceroutes etc. are dropped)
Why? Shouldn't we be prompting good firewall practices?
Dropping ICMP was a knee-jerk reaction to ICMP echo to directed broadcast addresses. Modern routers can be configured to drop directed broadcast packets.
And all of this doesn't even apply to IPv6; it doesn't even support broadcasts in general or anything resembling directed broadcast. ICMP replies are also supposed to be rate limited in IPv6.