IPv6 network policies
Alexander Clouter
alex at digriz.org.uk
Sun Apr 11 12:33:39 CEST 2010
Jim Burwell <jimb at jsbc.cc> wrote:
>
> Yes. The ping-pong problem can be easily demonstrated on my 6in4
> link. My simple solution is two ACL entries:
>
> Router A:
> ip6tables --append FORWARD --destination 2001:db8:1234:567::1/128 --out-interface he6 --jump ACCEPT
> ip6tables --append FORWARD --destination 2001:db8:1234:567::/64 --out-interface he6 --jump REJECT --reject-with icmp6-adm-prohibited
>
That's an ugly use of icmp6-adm-prohibited if I might say.
A better approach IMO:
----
ip route add unreachable <your-whole-IPv6-allocation>
----
This then only needs to be done at your end, which is the correct thing
to do (as you are the one using the default route).
Cheers
--
Alexander Clouter
.sigmonster says: I hope the ``Eurythmics'' practice birth control ...
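
The ping-pong loop and the effect of the covering unreachable route discussed in this message, modelled as an added example (not code from either poster). The /48 allocation, the router names and the simplified hop accounting are assumptions made for illustration; only the /64 comes from the quoted rules.

```python
import ipaddress

# Constructed topology (assumption): the provider routes a whole /48 down the
# 6in4 tunnel, while the customer end only has one /64 in use plus a default
# route pointing back up the tunnel.
ALLOCATION = ipaddress.ip_network("2001:db8:1234::/48")
IN_USE = ipaddress.ip_network("2001:db8:1234:567::/64")
TERMINAL = ("deliver", "unreachable", "no-route")

def lookup(table, dst):
    """Longest-prefix match: return the action of the most specific route."""
    matches = [(net, action) for net, action in table if dst in net]
    if not matches:
        return "no-route"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(dst, customer_has_unreachable, hop_limit=64):
    """Trace a packet arriving at the provider; return (outcome, hops used)."""
    provider = [(ALLOCATION, "to-customer")]
    customer = [(ipaddress.ip_network("::/0"), "to-provider"),
                (IN_USE, "deliver")]
    if customer_has_unreachable:
        # Equivalent of: ip route add unreachable <your-whole-IPv6-allocation>
        customer.append((ALLOCATION, "unreachable"))
    tables = {"provider": provider, "customer": customer}
    dst = ipaddress.ip_address(dst)
    at, hops = "provider", 0
    while hop_limit > 0:
        action = lookup(tables[at], dst)
        if action in TERMINAL:
            return action, hops
        # Packet crosses the tunnel to the other router.
        at = "customer" if action == "to-customer" else "provider"
        hop_limit -= 1
        hops += 1
    return "hop-limit-exceeded", hops

if __name__ == "__main__":
    unused = "2001:db8:1234:999::1"   # inside the allocation, not in use
    print(forward(unused, customer_has_unreachable=False))
    print(forward(unused, customer_has_unreachable=True))
    print(forward("2001:db8:1234:567::1", customer_has_unreachable=True))
```

Because the in-use /64 is more specific than the covering unreachable route, real traffic is still delivered; only the unused remainder of the allocation is dropped at the customer end.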