Extension headers and firewalls
Cameron Byrne
cb.list6 at gmail.com
Sat Jul 21 22:38:06 CEST 2012
On Jul 20, 2012 1:17 AM, "Erik Kline" <ek at google.com> wrote:
>
> I know that (at least some models of) Brand J router ACLs can't filter
when there are extension headers so the packets are usually just dropped.
Extension headers, and by extension, fragmentation, really kinda just
don't work in the IPv6 world right now. :-(
>
>
Perhaps this functionality should be officially depricated.
CB
> On 20 July 2012 17:10, Brian E Carpenter <brian.e.carpenter at gmail.com>
wrote:
>>
>> I'm hearing that shim6 headers are blocked by the BSD pf firewall, and
that
>> the problem extends to other types of extension header.
>>
>> I'm also hearing that PIX boxes are said to drop shim6 headers.
>>
>> Does anybody have clear information about this?
>>
>> Regards
>> Brian Carpenter
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20120721/8609a7f0/attachment.html
More information about the ipv6-ops
mailing list