Hi! On Sun, Dec 17, 2006 at 03:56:08PM -0500, Dave Anderson wrote: >** Reply to message from Jason Dixon <[EMAIL PROTECTED]> on Sun, 17 >Dec 2006 15:17:01 -0500
>>On Dec 17, 2006, at 2:51 PM, carlopmart wrote: >>> Yes, my security staff orders to disable IPv6 protocol on all our >>> firewalls ... >>Your security staff is clueless. I bet they like to block icmp echo- >>request too. >Unfortunately, the fact that they're clueless doesn't make it possible >to ignore their demands. Fortunately, it's almost trivial to configure >PF to block all incoming and outgoing IPv6 on your external interface >(or on all of your interfaces). The question is, can you convince the >powers-that-be that doing this is sufficient? It clearly should be, >since it prevents any possibility of communicating via IPv6. Don't ask don't tell. I.e. just block quick inet6 in pf, tell them "ok, I've blocked IPv6", and as long as they don't ask *how* he blocked it, it's done. >Good luck, > Dave Kind regards, Hannah.
