Re: Problem with ipv6

On 8 October 2024 21:18:14 UTC, Martin Brampton <martin@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

>Is this a sensible rule?
>
>                  icmpv6 type { destination-unreachable, packet-too-big,
>time-exceeded, parameter-problem, echo-request, mld-listener-query,
>nd-router-solicit, nd-router-advert, nd-neighbor-solicit,
>nd-neighbor-advert } accept

For IPv6 here is one simple rule: you must not block NDP, neither in INPUT
nor in OUTPUT; it will make your life easier. When you understand
NDP in more detail, you can limit it for more security; if not, just allow
all icmpv6. Do not try to be too smart, otherwise you will break IPv6.

regards


-- 
Slavko
https://www.slavino.sk/
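
The advice in the reply above, written out as an nftables ruleset (an added example, not part of the original message): NDP is accepted in both the input and output chains, narrowed only by the hop limit of 255 that RFC 4861 requires for these messages. The table name, chain layout and drop policies are assumptions.

```nftables
# Added example; table/chain names and policies are assumptions.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # NDP first, so that no later rule can drop it.
        # RFC 4861: valid ND messages always arrive with hop limit 255,
        # which means they were sent by an on-link neighbour.
        icmpv6 type { nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } ip6 hoplimit 255 accept

        # Remaining ICMPv6 types from the rule quoted in the thread.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem,
                      echo-request, mld-listener-query } accept

        iif "lo" accept
        ct state established,related accept
    }

    chain output {
        type filter hook output priority 0; policy drop;

        # With a drop policy on output, NDP needs its own accept here too:
        # without outgoing solicitations and advertisements the host cannot
        # resolve neighbours or answer their queries. Do not rely on the
        # conntrack rule below to cover it.
        icmpv6 type { nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } ip6 hoplimit 255 accept

        oif "lo" accept
        ct state new,established,related accept
    }
}
```

A file like this can be syntax-checked with `nft -c -f <file>` before it is loaded.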




