[v6ops] [Errata Verified] RFC4890 (3985)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 19 May 2014 14:34 UTC
The following errata report has been verified for RFC4890,
"Recommendations for Filtering ICMPv6 Messages in Firewalls".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=4890&eid=3985

--------------------------------------
Status: Verified
Type: Technical

Reported by: James Robertson <jamesrobertson@live.com>
Date Reported: 2014-05-13
Verified by: Joel Jaeggli (IESG)

Section: Appendix B

Original Text
-------------
    if [ "$STATE_ENABLED" -eq "1" ]
    then
      # Allow incoming time exceeded code 0 messages
      # only for existing sessions
      for inner_prefix in $INNER_PREFIXES
      do
        ip6tables -A icmpv6-filter -m state -p icmpv6 \
             -d $inner_prefix \
             --state ESTABLISHED,RELATED --icmpv6-type packet-too-big \
             -j ACCEPT
      done
    else
      # Allow incoming time exceeded code 0 messages
      for inner_prefix in $INNER_PREFIXES
      do
        ip6tables -A icmpv6-filter -p icmpv6 -d $inner_prefix \
             --icmpv6-type ttl-zero-during-transit -j ACCEPT
      done
    fi

Corrected Text
--------------
    if [ "$STATE_ENABLED" -eq "1" ]
    then
      # Allow incoming time exceeded code 0 messages
      # only for existing sessions
      for inner_prefix in $INNER_PREFIXES
      do
        ip6tables -A icmpv6-filter -m state -p icmpv6 \
             -d $inner_prefix \
             --state ESTABLISHED,RELATED --icmpv6-type ttl-zero-during-transit \
             -j ACCEPT
      done
    else
      # Allow incoming time exceeded code 0 messages
      for inner_prefix in $INNER_PREFIXES
      do
        ip6tables -A icmpv6-filter -p icmpv6 -d $inner_prefix \
             --icmpv6-type ttl-zero-during-transit -j ACCEPT
      done
    fi

Notes
-----
RFC 4890 Errata ID 2706 states that icmpv6-type packet-too-big should state icmpv6-type ttl-zero-during-transmit. This should read ttl-zero-during-transit.

--------------------------------------
RFC4890 (draft-ietf-v6ops-icmpv6-filtering-recs-03)
--------------------------------------
Title               : Recommendations for Filtering ICMPv6 Messages in Firewalls
Publication Date    : May 2007
Author(s)           : E. Davies, J. Mohacsi
Category            : INFORMATIONAL
Source              : IPv6 Operations
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG
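A lint for the class of error this erratum corrects, given as an added example that is not part of the errata report or of RFC 4890: it flags an `--icmpv6-type` whose name disagrees with the rule's "time exceeded code 0" comment, and names outside a small table. The function names, the output format and the partial name table are assumptions of this example; the sample rule is constructed from the Appendix B text quoted above.

```shell
#!/bin/sh
# Added example (not from RFC 4890 or the errata report).
# lint_icmpv6_types reads an ip6tables script on stdin, one finding per line:
#   MISMATCH <line> <name>  comment promises time exceeded code 0, rule differs
#   UNKNOWN  <line> <name>  name is not in the partial table below
lint_icmpv6_types() {
    awk '
    BEGIN {
        # Assumption: partial table, only the names this page relies on.
        ok["packet-too-big"] = 1
        ok["time-exceeded"] = 1
        ok["ttl-zero-during-transit"] = 1
        ok["ttl-zero-during-reassembly"] = 1
    }
    /^[ \t]*#/ {
        # Remember what the nearest comment block says the rule is for.
        if (tolower($0) ~ /time exceeded code 0/) want = "ttl-zero-during-transit"
        else if (!in_comment) want = ""
        in_comment = 1
        next
    }
    { in_comment = 0 }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "--icmpv6-type") continue
            name = $(i + 1)
            if (!(name in ok)) print "UNKNOWN", NR, name
            else if (want != "" && name != want) print "MISMATCH", NR, name
        }
    }'
}

# Constructed sample: the state-enabled branch of Appendix B with the
# ICMPv6 type name supplied as $1.
sample_rule() {
    cat <<EOF
# Allow incoming time exceeded code 0 messages
# only for existing sessions
for inner_prefix in \$INNER_PREFIXES
do
  ip6tables -A icmpv6-filter -m state -p icmpv6 \\
    -d \$inner_prefix \\
    --state ESTABLISHED,RELATED --icmpv6-type $1 \\
    -j ACCEPT
done
EOF
}

sample_rule packet-too-big | lint_icmpv6_types
```

Run against the original Appendix B text it reports the `packet-too-big` rule; the name proposed in Errata ID 2706 is reported as unknown, and the corrected text produces no findings.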