Best Current Practice for Filtering ICMPv6 Messages in Firewalls
draft-ietf-v6ops-icmpv6-filtering-bcp-01
Document Type Replaced Internet-Draft (v6ops WG)
Last updated 2006-07-20 (latest revision 2006-03-09)
Replaced by draft-ietf-v6ops-icmpv6-filtering-recs
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-v6ops-icmpv6-filtering-recs
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Email authors IPR References Referenced by Nits

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-v6ops-icmpv6-filtering-bcp-01.txt

Abstract

In networks supporting IPv6 the Internet Control Message Protocol version 6 (ICMPv6) plays a fundamental role with a large number of functions, and a correspondingly large number of message types and options. A number of security risks are associated with uncontrolled forwarding of ICMPv6 messages. On the other hand, compared with IPv4 and the corresponding protocol ICMP, ICMPv6 is essential to the functioning of IPv6 rather than a useful auxiliary. This document provides some recommendations for ICMPv6 firewall filter configuration that will allow propagation of ICMPv6 messages that are needed to maintain the functioning of the network but drop messages which are potential security risks.

Authors

Elwyn Davies (elwynd@dial.pipex.com)
János Mohácsi (mohacsi@niif.hu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)

ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA