From owner-freebsd-net  Tue Feb 19 18:55:47 2002
Delivered-To: freebsd-net@freebsd.org
Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87])
	by hub.freebsd.org (Postfix) with ESMTP id 4CE6F37B417
	for <net@freebsd.org>; Tue, 19 Feb 2002 18:55:44 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc54.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020220025544.WVAT1214.rwcrmhc54.attbi.com@blossom.cjclark.org>
          for <net@freebsd.org>; Wed, 20 Feb 2002 02:55:44 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g1K2thA24011
	for net@freebsd.org; Tue, 19 Feb 2002 18:55:43 -0800 (PST)
	(envelope-from cjc)
Date: Tue, 19 Feb 2002 18:55:43 -0800
From: "Crist J. Clark" <crist.clark@attbi.com>
To: net@freebsd.org
Subject: Odd Rule in rc.firewall6
Message-ID: <20020219185543.T48401@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

I was wondering if anyone here could explain this to me:

  ############
  # Only in rare cases do you want to change these rules
  #
  ${fw6cmd} add 100 pass all from any to any via lo0
  #
  # ND
  #
  # DAD
  ${fw6cmd} add pass ipv6-icmp from ff02::/16 to ::
  ${fw6cmd} add pass ipv6-icmp from :: to ff02::/16

I don't understand that first IPV6-ICMP rule. RFC2373 says,

2.5.2 The Unspecified Address

   The address 0:0:0:0:0:0:0:0 is called the unspecified address.
   ...

   The unspecified address must not be used as the destination address
   of IPv6 packets or in IPv6 Routing Headers.

That rule sure looks like it is explicitly passing invalid
traffic. Unless someone can enlighten my ignorance here, I'm going to
nuke that rule.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message