Date:      Tue, 19 Feb 2002 18:55:43 -0800
From:      "Crist J. Clark" <crist.clark@attbi.com>
To:        net@freebsd.org
Subject:   Odd Rule in rc.firewall6
Message-ID:  <20020219185543.T48401@blossom.cjclark.org>

I was wondering if anyone here could explain this to me:

  ############
  # Only in rare cases do you want to change these rules
  #
  ${fw6cmd} add 100 pass all from any to any via lo0
  #
  # ND
  #
  # DAD
  ${fw6cmd} add pass ipv6-icmp from ff02::/16 to ::
  ${fw6cmd} add pass ipv6-icmp from :: to ff02::/16

I don't understand that first IPV6-ICMP rule. RFC2373 says,

2.5.2 The Unspecified Address

   The address 0:0:0:0:0:0:0:0 is called the unspecified address.
   ...

   The unspecified address must not be used as the destination address
   of IPv6 packets or in IPv6 Routing Headers.

That rule sure looks like it is explicitly passing invalid
traffic. Unless someone can enlighten my ignorance here, I'm going to
nuke that rule.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
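
Added example (not part of the original message and not FreeBSD's own code): a small lint over the rules quoted above that flags any pass rule whose destination is the unspecified address (RFC 2373 section 2.5.2, as quoted) or whose source is multicast (RFC 2373 section 2.7, which the message does not quote). The rule-matching regex and the list of action aliases are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed sample input: the three rules quoted in the message above.
RULES = """\
${fw6cmd} add 100 pass all from any to any via lo0
${fw6cmd} add pass ipv6-icmp from ff02::/16 to ::
${fw6cmd} add pass ipv6-icmp from :: to ff02::/16
"""

# Assumed rule shape: add [number] ACTION PROTO from SRC to DST ...
RULE_RE = re.compile(r"\badd\s+(?:\d+\s+)?(\w+)\s+\S+\s+from\s+(\S+)\s+to\s+(\S+)")
PASS_ACTIONS = ("pass", "allow", "accept", "permit")


def parse_addr(token):
    """Return an IPv6Network for an address/prefix token, or None for 'any'."""
    if token == "any":
        return None
    return ipaddress.IPv6Network(token, strict=False)


def lint_rule(line):
    """Return a list of findings for one rule line (empty if nothing is flagged)."""
    m = RULE_RE.search(line)
    if not m or m.group(1) not in PASS_ACTIONS:
        return []
    src, dst = parse_addr(m.group(2)), parse_addr(m.group(3))
    findings = []
    # RFC 2373 2.7: multicast addresses must not be used as source addresses.
    if src is not None and src.network_address.is_multicast:
        findings.append("source is multicast")
    # RFC 2373 2.5.2: the unspecified address must not be a destination.
    if dst is not None and dst.prefixlen == 128 and dst.network_address.is_unspecified:
        findings.append("destination is the unspecified address")
    return findings


def lint(text):
    """Map each flagged rule line to its findings."""
    return {l: f for l in text.splitlines() if (f := lint_rule(l))}


if __name__ == "__main__":
    for rule, findings in lint(RULES).items():
        print(f"{rule}\n    -> {', '.join(findings)}")
```

Only the `from ff02::/16 to ::` rule is flagged; the `from :: to ff02::/16` rule, with the unspecified address as source, is not.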
