Re: IETF IPv6 platform configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



All,

Thank you for your feedback and request.  By default, our practice is to
disable these functions until there is a justified need/request.  We
have enabled ICMP echo, ICMP traceroute, and UDP traceroute.

Once again, we encourage and look forward to your responses and
requests.

The IETF Secretariat.

   ****************************

   > 
   > -----Original Message-----
   > From: Joe Touch [mailto:touch@xxxxxxx] 
   > Sent: Thursday, June 15, 2006 11:56 AM
   > To: Iljitsch van Beijnum
   > Cc: wgchairs@xxxxxxxx; Mark Andrews; ietf@xxxxxxxx
   > Subject: Re: IETF IPv6 platform configuration
   > 
   > 
   > 
   > Iljitsch van Beijnum wrote:
   > > On 15-jun-2006, at 1:51, Mark Andrews wrote:
   > > 
   > >>
   > >>> *    Only HTTP, SMTP, FTP, and DNS traffic are permitted 
   > through an IPv6
   > >>>         Native firewall (pings, traceroutes etc. are dropped)
   > > 
   > >>     Why?  Shouldn't we be prompting good firewall practices?
   > > 
   > >>     Droping ICMP was a knee jerk reaction to ICMP echo to
   > >>     directed broadcast addresses.  Modern routers can be
   > >>     configured to drop directed broadcast packets.
   > > 
   > > And all of this doesn't even apply to IPv6, it doesn't even support
   > > broadcasts in general or anything resembling directed 
   > broadcast. ICMP
   > > replies are also supposed to be rate limited in IPv6.
   > 
   > IPv4 too. There are other reasons to drop them at firewalls (net
   > mapping, protecting other protocols), but I agree we ought to be an
   > example of the best the Internet can provide, not the most paranoid.
   > 
   > Joe
   > 
   > 

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]