= Сообщение: 1664 из 7440 ============================================= IPV6 = От : Markus Reschke 2:240/1661 22 Sep 15 13:47:30 Кому : Paul Hayton 22 Sep 15 13:47:30 Тема : Re: Debugging PING FGHI : area://IPV6?msgid=2:240/1661+55f72b23 На : area://IPV6?msgid=3:770/100+4736b0a8 = Кодировка сообщения определена как: LATIN-1 ================================ ============================================================================== Hi Paul!
Sep 22 22:05 2015, Paul Hayton wrote to Michiel van der Vlist:
PH> So it turns out although AICCU adds a rule to the inbound firewall PH> settings in windows called "AICCU: Allow incoming ICMPv6 echo request" PH> it only enables a limited range of ICMP types. I found by setting this PH> to ALL types then the ping replies started to happen.
BTW, if you're interested in a proper ICMPv6 ruleset please have a look at RFC4890. Some types should be limited to specific address ranges and some dropped completely. I don't want to discourage you in your IPv6 endevour but it's a good idea be cautious and a little bit paranoid, because there are security issues in various IPv6 stacks and also some inherent issues in the protocol itself. IPv6 is not less secure then IPv4, but most vendors are not up to date security-wise. Currently it's quite easy to crash or DoS most IPv6 systems. And a $100k firewall doesn't fix that either.
PH> It also seems each time you run AICCU it adds another copy of this PH> rule exception to the firewall... not good.
For the same destination IPv6 address (range)? <facepalm>
