@techreport{davies-v6ops-icmpv6-filtering-bcp-00,
    number =    {draft-davies-v6ops-icmpv6-filtering-bcp-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-davies-v6ops-icmpv6-filtering-bcp/00/},
    author =    {Elwyn B. Davies and János Mohácsi},
    title =     {{Best Current Practice for Filtering ICMPv6 Messages in Firewalls}},
    pagetotal = 20,
    year =      2005,
    month =     jul,
    day =       12,
    abstract =  {In networks supporting IPv6 the Internet Control Message Protocol version 6 (ICMPv6) plays a fundamental role with a large number of functions, and a correspondingly large number of message types and options. A number of security risks are associated with uncontrolled forwarding of ICMPv6 messages, and it is desirable to configure site firewalls to intercept inappropriate usages of ICMPv6 which might allow an attacker outside a site to probe or compromise the site network. On the other hand, compared with IPv4 and the corresponding protocol ICMP, ICMPv6 is essential to the functioning of IPv6 rather than a useful auxiliary. Hence too aggressive filtering of ICMPv6 messages can be detrimental to the establishment of IPv6 communications. This means that effective filtering of ICMPv6 requires a more complex configuration than was needed for ICMP. This document provides some recommendations for ICMPv6 firewall filter configuration that will allow propagation of ICMPv6 messages that are needed to maintain the functioning of the network but drop messages which are potential security risks.},
}