Hi Eric, in addition to RFC 4980 mentioned in another post you might consider the following sources as a starting point: https://insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strate... https://insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strate... https://www.troopers.de/media/filer_public/85/be/85bef719-59a4-4567-aebb-ce0... https://www.ernw.de/download/ERNW_Guide_to_Securely_Configure_Linux_Servers_... cheers Enno On Sun, May 14, 2017 at 09:29:45AM -0400, Eric Germann wrote:
Good morning all,
I???m looking for some guidance on best practices to secure IPv6 on Linux end nodes parked in AWS.
Boxes will be running various services (DNS for starters) and I???m looking to secure mainly ICMP at this point. Service filtering is fairly cut and dried.
I???ve reviewed some of the stuff out there, but apparently I???m catching too many of the ICMP types in the rejection as routing eventually breaks. My guess is router discovery gets broken by too tight of filters.
Thanks for any guidance.
EKG
-- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey ======================================================= Blog: www.insinuator.net || Conference: www.troopers.de Twitter: @Enno_Insinuator =======================================================