On Mon, 12 Jun 2006, Kevin Loch wrote:
Sam Hartman wrote:
"secIETF" == IETF Secretariat <[EMAIL PROTECTED]> writes:
secIETF> * Only HTTP, SMTP, FTP, and DNS traffic are permitted through an IPv6 secIETF> Native firewall (pings, traceroutes etc. are dropped)
Please make sure that ICMP messages needed for path MTU discovery are
not filtered.

Is there a compelling reason to filter ICMP at all?

IMHO, this is a valid question.

There also happens to be a document, draft-ietf-v6ops-icmpv6-filtering-recs-00.txt that discusses this very issue. It might be interesting to have folks read that and provide feedback to v6ops list (v6ops@ops.ietf.org) if they think there's something amiss with it.

The document just passed WG LC.

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Ietf mailing list

Reply via email to