
RE: raw thoughts on v6 firewalls



On Wed, 18 Sep 2002 Rod.VanMeter@nokia.com wrote:
> Unless I'm suffering total brain failure (never out of
> the question), every extension header is supposed to have
> the length in the same place, and one use is exactly that
> reason.

Not really, see other messages.

> Pekka, are there other v6-specific firewall issues, and is this
> the right place to discuss them?

Yes, but that is the most major issue (the same applies to some specific 
destination options too).

Others, not necessarily all IPv6-specific:

 - peer2peer recognition allow/disallow mechanism
 - need to be able, in some cases, to parse routing header 
or home-address option contents
 - the role of firewall in the presence of ESP-encrypted traffic

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
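
Added example, not part of the original message: a minimal extension header walker of the kind a filtering firewall needs, showing why "the length in the same place" does not hold for every header in the chain. It assumes the RFC 2460 and RFC 2402 layouts; the function name, verdict strings and sample bytes are constructed for illustration.

```python
import struct

# Next Header values (IANA protocol numbers)
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
TCP, UDP, ICMPV6, NO_NEXT = 6, 17, 58, 59
GENERIC = {HOP_BY_HOP, ROUTING, DEST_OPTS}  # byte 1 = length in 8-octet units, minus 1
UPPER = {TCP, UDP, ICMPV6, NO_NEXT}

def walk_chain(first_nh, payload):
    """Walk headers after the fixed 40-byte IPv6 header; return (verdict, chain)."""
    nh, off, chain = first_nh, 0, []
    while True:
        chain.append(nh)
        if nh in UPPER:
            return "upper-layer", chain          # filterable: transport header reached
        if nh == ESP:
            return "opaque-esp", chain           # Next Header is inside the encrypted part
        if nh not in GENERIC and nh not in (FRAGMENT, AH):
            return "unknown", chain              # unknown header or protocol: cannot skip it
        if off + 8 > len(payload):
            return "truncated", chain
        next_nh, len_byte = payload[off], payload[off + 1]
        if nh == FRAGMENT:
            size = 8                             # fixed size; byte 1 is reserved, not a length
            if struct.unpack_from("!H", payload, off + 2)[0] >> 3:
                return "non-first-fragment", chain  # what follows is mid-packet data
        elif nh == AH:
            size = (len_byte + 2) * 4            # AH counts 4-octet units, minus 2
        else:
            size = (len_byte + 1) * 8
        if off + size > len(payload):
            return "truncated", chain
        nh, off = next_nh, off + size

# Constructed sample: Hop-by-Hop -> Routing -> Fragment -> AH -> TCP
SAMPLE = (
    bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])      # Hop-by-Hop with a PadN option, 8 bytes
    + bytes([FRAGMENT, 0, 0, 0, 0, 0, 0, 0])   # Routing header, 8 bytes
    + bytes([AH, 0, 0, 0, 0, 0, 0, 1])         # Fragment header, offset 0
    + bytes([TCP, 4]) + bytes(22)              # AH, (4 + 2) * 4 = 24 bytes
    + bytes(20)                                # placeholder TCP header
)

if __name__ == "__main__":
    print(walk_chain(HOP_BY_HOP, SAMPLE))
    print(walk_chain(DEST_OPTS, bytes([ESP, 0, 1, 4, 0, 0, 0, 0]) + bytes(16)))
```

Reading the AH length byte with the generic formula would give (4 + 1) * 8 = 40 bytes instead of 24, so the walker would land inside the TCP header and misread the rest of the packet.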