On 1/25/11 9:13 PM, Roland Dobbins wrote: > > On Jan 26, 2011, at 12:03 PM, Franck Martin wrote: > >> Ok filtering ipv6 and ipv6-icmp is understood, it is like ipv4. > > Be advised, ICMPv6 is *not* like ICMP in IPv4, and knowing what can be > filtered, what to filter, and where to filter it is considerably more complex > than in IPv4 - which, given the prevalence of broken PMTU-D alone, is > apparently not well-understood in many quarters, heh. >
Also, try to resist popular opinion in outright blocking of ICMP - it's not really that evil. ~Seth
