All,

Thank you for your feedback and request. By default, our practice is to disable these functions until there is a justified need/request. We have enabled ICMP echo, ICMP traceroute, and UDP traceroute.

Once again, we encourage and look forward to your responses and requests.

The IETF Secretariat.

****************************

> -----Original Message-----
> From: Joe Touch [mailto:touch@xxxxxxx]
> Sent: Thursday, June 15, 2006 11:56 AM
> To: Iljitsch van Beijnum
> Cc: wgchairs@xxxxxxxx; Mark Andrews; ietf@xxxxxxxx
> Subject: Re: IETF IPv6 platform configuration
>
> Iljitsch van Beijnum wrote:
> > On 15-jun-2006, at 1:51, Mark Andrews wrote:
> >
> >>> * Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
> >>> Native firewall (pings, traceroutes etc. are dropped)
> >
> >> Why? Shouldn't we be prompting good firewall practices?
> >
> >> Dropping ICMP was a knee jerk reaction to ICMP echo to
> >> directed broadcast addresses. Modern routers can be
> >> configured to drop directed broadcast packets.
> >
> > And all of this doesn't even apply to IPv6, it doesn't even support
> > broadcasts in general or anything resembling directed broadcast. ICMP
> > replies are also supposed to be rate limited in IPv6.
>
> IPv4 too. There are other reasons to drop them at firewalls (net
> mapping, protecting other protocols), but I agree we ought to be an
> example of the best the Internet can provide, not the most paranoid.
>
> Joe