[rfc-dist] RFC 4890 on Recommendations for Filtering ICMPv6 Messages in Firewalls

[rfc-editor at rfc-editor.org (rfc-editor@rfc-editor.org)]

A new Request for Comments is now available in online RFC libraries.

        
        RFC 4890

        Title:      Recommendations for Filtering ICMPv6 Messages 
                    in Firewalls 
        Author:     E. Davies, J. Mohacsi
        Status:     Informational
        Date:       May 2007
        Mailbox:    elwynd at dial.pipex.com, 
                    mohacsi at niif.hu
        Pages:      38
        Characters: 83479
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-v6ops-icmpv6-filtering-recs-03.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4890.txt

In networks supporting IPv6, the Internet Control Message Protocol
version 6 (ICMPv6) plays a fundamental role with a large number of
functions, and a correspondingly large number of message types and
options.  ICMPv6 is essential to the functioning of IPv6, but there
are a number of security risks associated with uncontrolled
forwarding of ICMPv6 messages.  Filtering strategies designed for the
corresponding protocol, ICMP, in IPv4 networks are not directly
applicable, because these strategies are intended to accommodate a
useful auxiliary protocol that may not be required for correct
functioning.

This document provides some recommendations for ICMPv6 firewall
filter configuration that will allow propagation of ICMPv6 messages
that are needed to maintain the functioning of the network but drop
messages that are potential security risks.  This memo provides 
information for the Internet community.

This document is a product of the IPv6 Operations
Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community. 
It does not specify an Internet standard of any kind. Distribution
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST at IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST at RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info at RFC-EDITOR.ORG with the message body 

help: ways_to_get_rfcs. For example:

        To: rfc-info at RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager at RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR at RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


The RFC Editor Team
USC/Information Sciences Institute

...