IPv6 filtering

Seth Mattinen sethm at rollernet.us
Tue Jan 25 23:20:20 CST 2011


On 1/25/11 9:13 PM, Roland Dobbins wrote:
> 
> On Jan 26, 2011, at 12:03 PM, Franck Martin wrote:
> 
>> Ok filtering ipv6 and ipv6-icmp is understood, it is like ipv4. 
> 
> Be advised, ICMPv6 is *not* like ICMP in IPv4, and knowing what can be filtered, what to filter, and where to filter it is considerably more complex than in IPv4 - which, given the prevalence of broken PMTU-D alone, is apparently not well-understood in many quarters, heh.
> 


Also, try to resist popular opinion in outright blocking of ICMP - it's
not really that evil.

~Seth




More information about the NANOG mailing list