Extension headers and firewalls

Erik Kline ek at google.com
Fri Jul 20 10:17:10 CEST 2012

I know that (at least some models of) Brand J router ACLs can't filter when
there are extension headers so the packets are usually just dropped.
 Extension headers, and by extension, fragmentation, really kinda just
don't work in the IPv6 world right now.  :-(

On 20 July 2012 17:10, Brian E Carpenter <brian.e.carpenter at gmail.com>wrote:

> I'm hearing that shim6 headers are blocked by the BSD pf firewall, and that
> the problem extends to other types of extension header.
> I'm also hearing that PIX boxes are said to drop shim6 headers.
> Does anybody have clear information about this?
> Regards
>    Brian Carpenter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120720/431b8132/attachment.html 

More information about the ipv6-ops mailing list