** Reply to message from Jason Dixon <[EMAIL PROTECTED]> on Sun, 17
Dec 2006 15:17:01 -0500
>On Dec 17, 2006, at 2:51 PM, carlopmart wrote:
>
>> Yes, my security staff orders to disable IPv6 protocol on all our
>> firewalls ...
>
>Your security staff is clueless. I bet they like to block icmp echo-
>request too.
Unfortunately, the fact that they're clueless doesn't make it possible
to ignore their demands. Fortunately, it's almost trivial to configure
PF to block all incoming and outgoing IPv6 on your external interface
(or on all of your interfaces). The question is, can you convince the
powers-that-be that doing this is sufficient? It clearly should be,
since it prevents any possibility of communicating via IPv6.
Good luck,
Dave
--
Dave Anderson
<[EMAIL PROTECTED]>
