On Mon, 28 Jan 2013, Doug Barton wrote:
On 1/28/2013 7:27 AM, Eugeniu Patrascu wrote:
- configure IPv6 firewall rules (mostly a mirror of the IPv4 rulesets)
Hopefully that did not included filtering ICMPv6? :)
The level of IPv6 support in firewalls has been all over the place, even from vendors who have known IPv6 was coming for a long time ;) I published a minimum IPv6 firewall ruleset for Cisco ASAs a while back on some other lists and got only a little feedback, so for the benefit of the NANOG community, I offer up: http://www.cluebyfour.org/ipv6/ I will be testing the transition from 8.x to 9.x code in my lab as soon as this week, so I should have some updated to publish very soon. Likewise, I'm in the process of getting a DHCPv6 server spun up as well, so I'll have some updates to publish there as well. As always, suggestions and constructive feedback are always welcome. jms