Re: IETF IPv6 platform configuration

Elwyn Davies <elwynd@dial.pipex.com> Mon, 12 June 2006 22:04 UTC

Message-ID: <448DE599.2070803@dial.pipex.com>
Date: Mon, 12 Jun 2006 23:07:21 +0100
From: Elwyn Davies <elwynd@dial.pipex.com>
To: Kevin Loch <kloch@hotnic.net>
References: <E1FpZqo-00005J-87@ietf.org> <tslbqsygr63.fsf@cz.mit.edu> <448DB926.50306@hotnic.net>
In-Reply-To: <448DB926.50306@hotnic.net>
Cc: ietf@ietf.org
Subject: Re: IETF IPv6 platform configuration


Kevin Loch wrote:
> Sam Hartman wrote:
>>>>>>> "secIETF" == IETF Secretariat <ietf-secretariat@ietf.org> writes:
>>     secIETF> *    Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6
>>     secIETF>         Native firewall (pings, traceroutes etc. are dropped)
>>
>> Please make sure that ICMP messages needed for path MTU discovery are
>> not filtered.
>
> Is there a compelling reason to filter ICMP at all?
>
> - Kevin

This is not a trivial problem.  There is a draft in progress which 
recommends what the v6ops wg believes ought to happen.
See 
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-icmpv6-filtering-recs-00.txt
This does include making sure Packet Too Big errors are not dropped so 
that PMTU works.

This is just about to be very slightly updated but it is essentially finished.

It would be good if we ate our own dogfood in this case (and we can also 
test whether the draft has the answers right!)

Regards,
Elwyn



_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
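
Added example, not part of the original message or of the v6ops draft: a small simulation of why the thread asks that Packet Too Big errors pass the firewall. The two filter functions, the helper names and the link MTUs are assumptions constructed for illustration; ICMPv6 type numbers are from RFC 4443.

```python
import struct

# ICMPv6 type numbers (RFC 4443)
PACKET_TOO_BIG, ECHO_REQUEST = 2, 128

def build_icmpv6(mtype, code=0, word=0, payload=b""):
    """Constructed sample message. Checksum is left 0: it needs the IPv6
    pseudo-header, which this sketch does not model."""
    return struct.pack("!BBHI", mtype, code, 0, word) + payload

def parse_icmpv6(msg):
    """Return type, code and, for Packet Too Big, the reported MTU."""
    if len(msg) < 8:
        raise ValueError("truncated ICMPv6 message")
    mtype, code, _cksum, word = struct.unpack("!BBHI", msg[:8])
    info = {"type": mtype, "code": code}
    if mtype == PACKET_TOO_BIG:
        info["mtu"] = word  # bytes 4..7 carry the next-hop MTU
    return info

def drop_all_icmpv6(msg):
    """Hypothetical filter: every ICMPv6 message is dropped."""
    return "drop"

def pmtu_safe(msg):
    """Hypothetical filter: still drops pings etc., passes Packet Too Big."""
    try:
        return "accept" if parse_icmpv6(msg)["type"] == PACKET_TOO_BIG else "drop"
    except ValueError:
        return "drop"  # malformed input is never passed

def discover_pmtu(link_mtus, firewall, size=1500, max_tries=5):
    """Sender-side path MTU discovery over a constructed path.
    Returns the packet size that got through, or None if black-holed."""
    for _ in range(max_tries):
        bottleneck = next((m for m in link_mtus if m < size), None)
        if bottleneck is None:
            return size  # every link could carry the packet
        error = build_icmpv6(PACKET_TOO_BIG, word=bottleneck)
        if firewall(error) == "accept":
            size = parse_icmpv6(error)["mtu"]  # sender shrinks its packets
        # otherwise the error is lost and the sender retries at the same size
    return None

if __name__ == "__main__":
    path = [1500, 1400, 1500]  # constructed link MTUs, in bytes
    print("drop all ICMPv6    :", discover_pmtu(path, drop_all_icmpv6))
    print("pass Packet Too Big:", discover_pmtu(path, pmtu_safe))
```

With the blanket drop the sender never learns the smaller MTU and its large packets are silently lost; with Packet Too Big allowed it converges on the bottleneck size while pings are still dropped.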