Date: Wed, 20 Feb 2002 13:57:21 +0900 From: Hajimu UMEMOTO <ume@mahoroba.org> To: cjclark@alum.mit.edu Cc: net@freebsd.org Subject: Re: Odd Rule in rc.firewall6 Message-ID: <yge664sda32.wl@cheer.mahoroba.org> In-Reply-To: <20020219185543.T48401@blossom.cjclark.org> References: <20020219185543.T48401@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Tue, 19 Feb 2002 18:55:43 -0800
>>>>> "Crist J. Clark" <crist.clark@attbi.com> said:
crist.clark> I was wondering if anyone here could explain this to me:
crist.clark> # DAD
crist.clark> ${fw6cmd} add pass ipv6-icmp from ff02::/16 to ::
crist.clark> ${fw6cmd} add pass ipv6-icmp from :: to ff02::/16
crist.clark> I don't understand that first IPV6-ICMP rule. RFC2373 says,
crist.clark> 2.5.2 The Unspecified Address
crist.clark> The address 0:0:0:0:0:0:0:0 is called the unspecified address.
crist.clark> ...
crist.clark> The unspecified address must not be used as the destination address
crist.clark> of IPv6 packets or in IPv6 Routing Headers.
crist.clark> That rule sure looks like it is explicitly passing invalid
crist.clark> traffic. Unless someone can enlighten my ignorance here, I'm going to
crist.clark> nuke that rule.
RFC2461 4.3. says:
Source Address
Either an address assigned to the interface from
which this message is sent or (if Duplicate Address
Detection is in progress [ADDRCONF]) the
unspecified address.
So,
${fw6cmd} add pass ipv6-icmp from :: to ff02::/16
must be retained. But, it seems
${fw6cmd} add pass ipv6-icmp from ff02::/16 to ::
is not required. When I wrote this, maybe I might confused.
But, I cannot test it just now. I'll test it tonight.
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yge664sda32.wl>