On Sun, Jun 3, 2012 at 11:20 PM, Jimmy Hess <mysi...@gmail.com> wrote: > On 6/3/12, Jeroen Massar <jer...@unfix.org> wrote: >> If one is so stupid to just block ICMP then one should also accept that one >> loses functionality. > ICMP tends to get blocked by firewalls by default; There are > legitimate reasons to block ICMP, esp w V6. Security device > manufacturers tend to indicate all the "lost functionality" is > optional functionality not required for a working device. >
In case security policy folks need a reference on what ICMPv6 functionality is required for IPv6 to work correctly, please reference http://www.ietf.org/rfc/rfc4890.txt CB