[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IETF IPv6 platform configuration

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: IETF IPv6 platform configuration
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 13 Jun 2006 11:26:16 +0200
Cc: Kevin Loch <kloch@hotnic.net>, v6ops@ops.ietf.org, Elwyn Davies <elwynd@dial.pipex.com>
In-reply-to: <Pine.LNX.4.64.0606130000450.1412@netcore.fi>
References: <E1FpZqo-00005J-87@ietf.org> <tslbqsygr63.fsf@cz.mit.edu> <448DB926.50306@hotnic.net> <Pine.LNX.4.64.0606130000450.1412@netcore.fi>

On 12-jun-2006, at 23:03, Pekka Savola wrote:

Is there a compelling reason to filter ICMP at all?

IMHO, this is a valid question.


Don't bother thinking about an answer, people are going to do it anyway.

An important problem with all kinds of filtering in IPv6 is that mostfilters don't support the "protocol chain" concept so if you have afragment header or an AH header or some such between the IPv6 headerand the payload protocol, you're out of luck and the payload protocolisn't recognized.

There also happens to be a document, draft-ietf-v6ops-icmpv6-filtering-recs-00.txt that discusses this very issue. It might beinteresting to have folks read that and provide feedback to v6opslist (v6ops@ops.ietf.org) if they think there's something amisswith it.

Please use "hop limit" rather than "hop count" as the former is theofficial name of the field.

And do we really need 34 pages just to say "if you're so paranoidthat you want to filter ICMPv6, at least have the sense to let theseones through"?


We live in an age of information overload, conciseness is a virtue!

Follow-Ups:
- Re: IETF IPv6 platform configuration
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: RE: I-D ACTION:draft-ietf-v6ops-addcon-00.txt
Next by Date: Re: IETF IPv6 platform configuration
Previous by thread: Re: V6OPS - Requested session has been scheduled for IETF 66
Next by thread: Re: IETF IPv6 platform configuration
Index(es):
- Date
- Thread