nanog mailing list archives
Re: IPv6 filtering
From: Mohacsi Janos <mohacsi () niif hu>
Date: Wed, 26 Jan 2011 08:55:37 +0100 (CET)
On Wed, 26 Jan 2011, Franck Martin wrote:
? ipv6 41 IPv6 # IPv6 ? ipv6-route 43 IPv6-Route # Routing Header for IPv6 ? ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 ? ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 ? ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 ? ipv6-icmp 58 IPv6-ICMP icmpv6 icmp6 # ICMP for IPv6 ? ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 ? ipv6-opts 60 IPv6-Opts # Destination Options for IPv6 Ok filtering ipv6 and ipv6-icmp is understood, it is like ipv4. But what about the others, should they be blocked, restricted? Does a ios "deny ipv6 any any" affect them?
Have a look at RFC 4890 Recommendations for Filtering ICMPv6 Messages in Firewalls.
Regards,
Janos Mohacsi
Current thread:
- IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Roland Dobbins (Jan 25)
- Re: IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Paul Graydon (Jan 25)
- Re: IPv6 filtering Seth Mattinen (Jan 25)
- Message not available
- Re: IPv6 filtering Hank Nussbacher (Jan 25)
- Re: IPv6 filtering Franck Martin (Jan 25)
- Re: IPv6 filtering Roland Dobbins (Jan 25)
- Re: IPv6 filtering Owen DeLong (Jan 25)
- Re: IPv6 filtering Mark D. Nagel (Jan 25)
- Re: IPv6 filtering Michael Loftis (Jan 26)
- Re: IPv6 filtering Mark D. Nagel (Jan 25)
- Re: IPv6 filtering Mikael Abrahamsson (Jan 25)
- Re: IPv6 filtering Mohacsi Janos (Jan 25)