Link-local and ACLs
Gert Doering
gert at space.net
Wed Jul 26 09:52:33 CEST 2017
Hi,
On Wed, Jul 26, 2017 at 08:48:43AM +1200, Brian E Carpenter wrote:
> >> And why would ACLs be relevant for on-link traffic?
> >
> > Interface ACLs are relevant for all packets leaving or entering an
> > interface, generally...
>
> Yes, but why are they relevant except for routers? I didn't see
> anything in the original message that limited its scope to routers.
> Most nodes aren't routers. I don't expect to see ACLs on normal
> hosts.
All my hosts that are in some way Internet exposed have ACLs of
some sort - call it "Windows firewall" or "FreeBSD pf(4)".
Usually these implicitly understand what is needed to make ND work,
but I've heard more than once about cases where Linux people blocked
"everything on input except tcp/80" with ip6tables, killing ND in the
process -> bam, machine fell off the net, IPv6 gone.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
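
The failure described in the message above, as an added example that is not part of the original post: a small audit that reads an `ip6tables-save` dump and reports what the filter/INPUT chain does with the inbound Neighbor Discovery types a host needs. The function names and both rulesets are constructed for illustration, and the matcher is a simplified model: any match it does not understand is assumed not to cover ND, and jumps to user chains are not followed.

```python
import shlex

# Inbound ICMPv6 types a host needs for Neighbor Discovery (RFC 4861).
ND_TYPES = {134: "router-advertisement", 135: "neighbour-solicitation",
            136: "neighbour-advertisement"}

def _matches(match, icmp_type):
    """Simplified model: does this match spec cover an inbound ND packet?"""
    if "!" in match or len(match) % 2:
        return False                      # negations and bare flags are not modelled
    allowed = {"-p": ("ipv6-icmp", "icmpv6"), "-m": ("icmp6", "icmpv6"),
               "--icmpv6-type": (str(icmp_type), ND_TYPES[icmp_type])}
    for opt, val in zip(match[::2], match[1::2]):
        val = val.split("/")[0].replace("neighbor-", "neighbour-")
        if val not in allowed.get(opt, ()):   # -i, --dport, -m state, ...: assumed no match
            return False
    return True

def nd_verdicts(dump):
    """Map each ND type to the verdict the filter/INPUT chain gives it."""
    table, policy, rules = None, "ACCEPT", []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":INPUT "):
            policy = tok[1]
        elif table == "filter" and tok[:2] == ["-A", "INPUT"] and "-j" in tok:
            j = tok.index("-j")
            if tok[j + 1] in ("ACCEPT", "DROP", "REJECT"):   # terminal targets only
                rules.append((tok[2:j], tok[j + 1]))
    return {t: next((v for m, v in rules if _matches(m, t)), policy)
            for t in ND_TYPES}

# Constructed sample: the "everything on input except tcp/80" ruleset.
BROKEN = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
# Constructed sample: same policy, with ND explicitly accepted first.
ND_RULES = "".join(f"-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type {t} -j ACCEPT\n"
                   for t in ND_TYPES)
FIXED = BROKEN.replace("-A INPUT -i lo", ND_RULES + "-A INPUT -i lo")

if __name__ == "__main__":
    for label, dump in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, nd_verdicts(dump))
```

Any type reported as DROP or REJECT means the host stops resolving neighbours or learning routers once its caches expire, which is the "machine fell off the net" symptom.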
More information about the ipv6-ops
mailing list