Requirements for IPv6 Firewalls

William Herrin bill at
Fri Apr 18 18:20:20 UTC 2014

On Fri, Apr 18, 2014 at 2:06 PM, Simon Perreault <simon at> wrote:
> IMHO, what the IETF can do is recommend a set of behavioural traits that
> make IPv6 firewalls behave like good citizens in the Internet ecosystem.
> Meaning that a firewall that obeys those requirements will not break the
> Internet. For example, passing ICMPv6 Too Big messages is important to
> not break the Internet.

That would either be a very short document or a document so
ideologically loaded that it has no technical utility. The Internet is
pretty resilient. There isn't much a firewall can do to break it.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list