All you fans of mindlessly blocking ICMP traffic are going to be in trouble if you try that strategy with IPv6. Luckily this month RFC 4890: Recommendations for Filtering ICMPv6 Messages in Firewalls was just published. This Informational RFC provides concrete guidance using these categories:
- Traffic That Must Not Be Dropped
- Traffic That Normally Should Not Be Dropped
- Traffic That Will Be Dropped Anyway -- No Special Attention Needed
- Traffic for Which a Policy Should Be Defined
- Traffic That Should Be Dropped Unless a Good Case Can Be Made
This is a nice reference for those who wish to implement some degree of control over ICMPv6, which is an integral part of IPv6 and not something one can blindly block.
0 komentar:
Posting Komentar