IETF Logo Mail Archive

Re: IETF IPv6 platform configuration

Pekka Savola <pekkas@netcore.fi> Mon, 12 June 2006 21:03 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FptZl-0005iW-5n; Mon, 12 Jun 2006 17:03:57 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FptZj-0005hH-F6 for ietf@ietf.org; Mon, 12 Jun 2006 17:03:55 -0400
Received: from eunet-gw.ipv6.netcore.fi ([2001:670:86:3001::1] helo=netcore.fi) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FptZj-0005ut-15 for ietf@ietf.org; Mon, 12 Jun 2006 17:03:55 -0400
Received: from localhost (pekkas@localhost) by netcore.fi (8.12.11.20060308/8.12.11) with ESMTP id k5CL36dN001973; Tue, 13 Jun 2006 00:03:06 +0300
Date: Tue, 13 Jun 2006 00:03:06 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: Kevin Loch <kloch@hotnic.net>
In-Reply-To: <448DB926.50306@hotnic.net>
Message-ID: <Pine.LNX.4.64.0606130000450.1412@netcore.fi>
References: <E1FpZqo-00005J-87@ietf.org> <tslbqsygr63.fsf@cz.mit.edu> <448DB926.50306@hotnic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Virus-Scanned: ClamAV 0.88.2/1532/Mon Jun 12 01:57:47 2006 on otso.netcore.fi
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.1.2
X-Spam-Checker-Version: SpamAssassin 3.1.2 (2006-05-25) on otso.netcore.fi
X-Spam-Score: -2.8 (--)
X-Scan-Signature: ffa9dfbbe7cc58b3fa6b8ae3e57b0aa3
Cc: ietf@ietf.org
Subject: Re: IETF IPv6 platform configuration
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org

On Mon, 12 Jun 2006, Kevin Loch wrote:
> Sam Hartman wrote:
>>>>>>> "secIETF" == IETF Secretariat <ietf-secretariat@ietf.org> writes:
>>     secIETF> *	Only HTTP, SMTP, FTP, and DNS traffic are permitted 
>> through an IPv6     secIETF>         Native firewall (pings, traceroutes 
>> etc. are dropped) 
>> 
>> Please make sure that ICMP messages needed for path MTU discovery are
>> not filtered.
>
> Is there a compelling reason to filter ICMP at all?

IMHO, this is a valid question.

There also happens to be a document, 
draft-ietf-v6ops-icmpv6-filtering-recs-00.txt that discusses this very 
issue.  It might be interesting to have folks read that and provide 
feedback to v6ops list (v6ops@ops.ietf.org) if they think there's 
something amiss with it.

The document just passed WG LC.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email