Hi, On Wed, Jul 26, 2017 at 08:48:43AM +1200, Brian E Carpenter wrote: > >> And why would ACLs be relevant for on-link traffic? > > > > Interface ACLs are relevant for all packets leaving or entering an > > interface, generally... > > Yes, but why are they relevant except for routers? I didn't see > anything in the original message that limited its scope to routers. > Most nodes aren't routers. I don't expect to see ACLs on normal > hosts.
All my hosts that are in some way Internet exposed have ACLs of
some sort - call it "Windows firewall" or "FreeBSD pf(4)".
Usually these implicitly understand what is needed to make ND work,
but I've heard more than once about cases where Linux people blocked
"everything on input except tcp/80" with ip6tables, killing ND in the
process -> bam, machine fell of the net, IPv6 gone.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
