10-10-2011 05:11 AM - edited 03-01-2019 05:30 PM
Hello all,
I was just reading that some ICMPv6 types must be permitted over firewall rules in both directions. Does this mean that even if current rules on firewall allows only access from LAN to Internet (all traffic from Internet to LAN is blocked) firewall rules should allow some ICMPv6 types from Internet to LAN?
If so which icmpv6 types must be allowed from internet to LAN (Fragmentation, packet-to-big)?
Thank you and kind regards,
Marko
10-10-2011 05:39 AM
Marko,
ND, DAD, PMTUD will depend on ICMPv6 being allowed through.
Any traffic filtering should allow those.
if you're looking for brief overview, NIST guys have compiled it:
http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf
Section 3.5 to be specific.
Marcin
10-10-2011 11:35 PM
Dear Marcin,
thank you
Kind regards,
Marko
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide