Re: IETF IPv6 platform configuration
Elwyn Davies <elwynd@dial.pipex.com> Mon, 12 June 2006 22:04 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FpuWQ-00048L-My; Mon, 12 Jun 2006 18:04:34 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FpuWO-00048G-It for ietf@ietf.org; Mon, 12 Jun 2006 18:04:32 -0400
Received: from a.painless.aaisp.net.uk ([2001:8b0:0:81::51bb:5133] helo=smtp.aaisp.net.uk) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FpuWO-0007AQ-1V for ietf@ietf.org; Mon, 12 Jun 2006 18:04:32 -0400
Received: from 247.254.187.81.in-addr.arpa ([81.187.254.247] helo=[127.0.0.1]) by smtp.aaisp.net.uk with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) id 1FpuWM-0005qr-Ow; Mon, 12 Jun 2006 23:04:30 +0100
Message-ID: <448DE599.2070803@dial.pipex.com>
Date: Mon, 12 Jun 2006 23:07:21 +0100
From: Elwyn Davies <elwynd@dial.pipex.com>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: Kevin Loch <kloch@hotnic.net>
References: <E1FpZqo-00005J-87@ietf.org> <tslbqsygr63.fsf@cz.mit.edu> <448DB926.50306@hotnic.net>
In-Reply-To: <448DB926.50306@hotnic.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.8 (--)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: ietf@ietf.org
Subject: Re: IETF IPv6 platform configuration
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
Kevin Loch wrote: > Sam Hartman wrote: >>>>>>> "secIETF" == IETF Secretariat <ietf-secretariat@ietf.org> writes: >> secIETF> * Only HTTP, SMTP, FTP, and DNS traffic are permitted >> through an IPv6 secIETF> Native firewall (pings, >> traceroutes etc. are dropped) >> >> Please make sure that ICMP messages needed for path MTU discovery are >> not filtered. > > Is there a compelling reason to filter ICMP at all? > > - Kevin This is not a trivial problem. There is a draft in progress which recommends what the v6ops wg believes ought to happen. See http://www.ietf.org/internet-drafts/draft-ietf-v6ops-icmpv6-filtering-recs-00.txt This does include making sure Packet Too Big errors are not dropped so that PMTU works, This is just about to very slightly updated but it is essentially finished. It would be good if we ate our own dogfood in this case (and we can also test whether the draft has the answers right!) Regards, Elwyn > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/iet _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- Re: IETF IPv6 platform configuration Sam Hartman
- Re: IETF IPv6 platform configuration Kevin Loch
- Re: IETF IPv6 platform configuration Pekka Savola
- Re: IETF IPv6 platform configuration Elwyn Davies
- IETF IPv6 platform configuration IETF Secretariat
- Re: IETF IPv6 platform configuration Mark Andrews
- Re: IETF IPv6 platform configuration Iljitsch van Beijnum
- Re: IETF IPv6 platform configuration Joe Touch
- Re: IETF IPv6 platform configuration IETF Secretariat
- Re: IETF IPv6 platform configuration Tom.Petch
- RE: IETF IPv6 platform configuration Hallam-Baker, Phillip
- RE: IETF IPv6 platform configuration Hallam-Baker, Phillip
- Re: IETF IPv6 platform configuration Ken Raeburn
- RE: IETF IPv6 platform configuration Jeffrey Hutzelman
- Re: IETF IPv6 platform configuration Bill Fenner
- RE: IETF IPv6 platform configuration Lindberg, Jon
- Re: IETF IPv6 platform configuration Jeffrey Hutzelman
- Re: IETF IPv6 platform configuration Bill Fenner