Extension headers and firewalls
cb.list6 at gmail.com
Sat Jul 21 22:38:06 CEST 2012
On Jul 20, 2012 1:17 AM, "Erik Kline" <ek at google.com> wrote:
> I know that (at least some models of) Brand J router ACLs can't filter
when there are extension headers so the packets are usually just dropped.
Extension headers, and by extension, fragmentation, really kinda just
don't work in the IPv6 world right now. :-(
Perhaps this functionality should be officially depricated.
> On 20 July 2012 17:10, Brian E Carpenter <brian.e.carpenter at gmail.com>
>> I'm hearing that shim6 headers are blocked by the BSD pf firewall, and
>> the problem extends to other types of extension header.
>> I'm also hearing that PIX boxes are said to drop shim6 headers.
>> Does anybody have clear information about this?
>> Brian Carpenter
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ipv6-ops