[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: raw thoughts on v6 firewalls
On Wed, 18 Sep 2002 Rod.VanMeter@nokia.com wrote:
> Unless I'm suffering total brain failure (never out of
> the question), every extension header is supposed to have
> the length in the same place, and one use is exactly that
> reason.
Not really, see other messages.
> Pekka, are there other v6-specific firewall issues, and is this
> the right place to discuss them?
Yes, but that is the most major issue (the same applies to some specific
destination options too).
Others, not necessarily all IPv6-specific:
- peer2peer recognition allow/disallow mechanism
- need to be able to, in some cases, to be able to parse routing header
or home-address option contents
- the role of firewall in the presence of ESP-encrypted traffic
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords