Icmp access lists on dhcp-pd deployments
SM
sm at resistor.net
Thu May 31 18:02:26 CEST 2012
At 07:29 31-05-2012, Seth Mos wrote:
>They do not explicitly cover the case of ICMP6 echo/reply on
>link-local addressing, although section 4.4 "Recommendations for
>ICMPv6 Local Configuration Traffic" says this:
[snip]
>I would think that covers link-local traffic, so that makes me
>wonder why a ISP would find blocking this neccesary.
From man(8) iptables:
"This target is used to overcome criminally braindead ISPs or servers
which block "ICMP Fragmentation Needed" or "ICMPv6 Packet Too Big"
packets."
Maybe the blocking is an oversight or some default ACL being
applied. It is, as you said, counter intuitive.
Regards,
-sm
More information about the ipv6-ops
mailing list