[v6ops] [Technical Errata Reported] RFC4890 (2706)
RFC Errata System <rfc-editor@rfc-editor.org> Sun, 06 February 2011 13:26 UTC
To: elwynd@dial.pipex.com, mohacsi@niif.hu, dromasca@avaya.com, rbonica@juniper.net, fred.baker@cisco.com, joelja@bogus.com, kurtis@kurtis.pp.se
Cc: phil.whineray@gmail.com, v6ops@ietf.org, rfc-editor@rfc-editor.org

The following errata report has been submitted for RFC4890,
"Recommendations for Filtering ICMPv6 Messages in Firewalls".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=4890&eid=2706

--------------------------------------
Type: Technical
Reported by: Phil Whineray <phil.whineray@gmail.com>

Section: Appendix B.

Original Text
-------------
   if [ "$STATE_ENABLED" -eq "1" ]
   then
     # Allow incoming time exceeded code 0 messages
     # only for existing sessions
     for inner_prefix in $INNER_PREFIXES
     do
       ip6tables -A icmpv6-filter -m state -p icmpv6 \
            -d $inner_prefix \
            --state ESTABLISHED,RELATED --icmpv6-type packet-too-big \
            -j ACCEPT
     done
   else
     # Allow incoming time exceeded code 0 messages
     for inner_prefix in $INNER_PREFIXES
     do
       ip6tables -A icmpv6-filter -p icmpv6 -d $inner_prefix \
            --icmpv6-type ttl-zero-during-transit -j ACCEPT
     done
   fi

Corrected Text
--------------
   if [ "$STATE_ENABLED" -eq "1" ]
   then
     # Allow incoming time exceeded code 0 messages
     # only for existing sessions
     for inner_prefix in $INNER_PREFIXES
     do
       ip6tables -A icmpv6-filter -m state -p icmpv6 \
            -d $inner_prefix \
            --state ESTABLISHED,RELATED --icmpv6-type ttl-zero-during-transit \
            -j ACCEPT
     done
   else
     # Allow incoming time exceeded code 0 messages
     for inner_prefix in $INNER_PREFIXES
     do
       ip6tables -A icmpv6-filter -p icmpv6 -d $inner_prefix \
            --icmpv6-type ttl-zero-during-transit -j ACCEPT
     done
   fi

Notes
-----
Not sure if this is really editorial as it is in the example code, not the
main RFC. In any case, the example incorrectly specifies an icmpv6 type in
one code path.

Instructions:
-------------
This errata is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC4890 (draft-ietf-v6ops-icmpv6-filtering-recs-03)
--------------------------------------
Title               : Recommendations for Filtering ICMPv6 Messages in Firewalls
Publication Date    : May 2007
Author(s)           : E. Davies, J. Mohacsi
Category            : INFORMATIONAL
Source              : IPv6 Operations
Area                : Operations and Management
Stream              : IETF
Verifying Party     : IESG
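
Added example (not part of the errata report or of RFC 4890): one way to keep the stateful and stateless branches from naming different ICMPv6 types is to build both from a single variable and check the result. The function names and the 2001:db8:: sample prefixes are assumptions made for this sketch, and the rules are printed, not applied.

```shell
#!/bin/sh
# ip6tables name for ICMPv6 Time Exceeded, code 0, as spelled in the
# else branch of the Appendix B script quoted in the report.
TIME_EXCEEDED_TRANSIT="ttl-zero-during-transit"

# Constructed sample value (2001:db8::/32 is the documentation prefix).
INNER_PREFIXES="2001:db8:1::/48 2001:db8:2::/48"

# Print (do not execute) the Time Exceeded code 0 rules.
#   $1 = STATE_ENABLED (1 or 0), $2 = space-separated prefix list
emit_time_exceeded_rules() {
  state_enabled=$1
  prefixes=$2
  match=""
  if [ "$state_enabled" -eq 1 ]; then
    # Stateful path: accept only for existing sessions.
    match="-m state --state ESTABLISHED,RELATED "
  fi
  # Both paths share one format string and one type variable, so they
  # cannot diverge the way the two branches in the original text did.
  for inner_prefix in $prefixes; do
    printf 'ip6tables -A icmpv6-filter %s-p icmpv6 -d %s --icmpv6-type %s -j ACCEPT\n' \
      "$match" "$inner_prefix" "$TIME_EXCEEDED_TRANSIT"
  done
}

# Read rule lines on stdin; succeed only if every --icmpv6-type equals $1.
check_icmpv6_type() {
  awk -v want="$1" '
    { for (i = 1; i < NF; i++)
        if ($i == "--icmpv6-type" && $(i + 1) != want) bad++ }
    END { exit (bad > 0) }'
}

# Emit both variants and confirm each names the intended type.
for state in 1 0; do
  emit_time_exceeded_rules "$state" "$INNER_PREFIXES"
  emit_time_exceeded_rules "$state" "$INNER_PREFIXES" \
    | check_icmpv6_type "$TIME_EXCEEDED_TRANSIT" \
    && echo "# STATE_ENABLED=$state: all rules use $TIME_EXCEEDED_TRANSIT"
done
```

Piping the rule from the report's Original Text through check_icmpv6_type with the same expected type makes the check fail, which is the mismatch the report describes.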