Link-local and ACLs
gert at space.net
Wed Jul 26 09:52:33 CEST 2017
On Wed, Jul 26, 2017 at 08:48:43AM +1200, Brian E Carpenter wrote:
> >> And why would ACLs be relevant for on-link traffic?
> > Interface ACLs are relevant for all packets leaving or entering an
> > interface, generally...
> Yes, but why are they relevant except for routers? I didn't see
> anything in the original message that limited its scope to routers.
> Most nodes aren't routers. I don't expect to see ACLs on normal
All my hosts that are in some way Internet exposed have ACLs of
some sort - call it "Windows firewall" or "FreeBSD pf(4)".
Usually these implicitly understand what is needed to make ND work,
but I've heard more than once about cases where Linux people blocked
"everything on input except tcp/80" with ip6tables, killing ND in the
process -> bam, machine fell of the net, IPv6 gone.
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20170726/759a0e23/attachment.bin
More information about the ipv6-ops