At 18:20 26/01/2011 +1300, Franck Martin wrote:

Content-Transfer-Encoding: 7bit

Well we filter icmp due to exploits, if no exploits, then we can let the whole of icmpv6 through. Or is there something terribly dangerous in icmpv6 already?

Ever since Cisco came out with "IPv6 Routing Header Vulnerability" in 2007 http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0... I have had the following enabled: On the protected interface: ipv6 traffic-filter filter-rh in ipv6 access-list filter-rh deny ipv6 any any log routing permit ipv6 any any and have stopped many pkts that way. I still occasionally see hits in our log from all sorts of newbies who continue to try old bugs. -Hank