40 likes | 54 Views
This document provides recommendations for filtering ICMP messages, addressing both inbound and outbound traffic. It covers ICMPv4 and ICMPv6, and includes suggestions for filtering messages "through" the device as well as messages to/from the device.
E N D
Recommendations for filtering ICMP messages(draft-ietf-opsec-icmp-filtering) Fernando Gont UTN/FRH 76th IETF meeting, November 8-13, 2009 Hiroshima, Japan
Changes from the last rev • Populated a few sections • Updated outdated references • Miscellaneous edits • Progress was slow… but now commiting more cycles to it
Open Issues • The document is currently heading for Informational. • Some suggested BCP • BCP might be a better target (personally, I’m happy either way) • Got some positive comments for aiming at BCP • Current advice assumes what to do with ICMP messages that go “through” the device • Should advice also address filtering messages from/to the device? • Got some positive comments about this idea
Moving forward • Currently working working on the ICMPv6 sections • Rest of the document still needs work/review • If you have feedback, post it on opsec@ietf.org, or send it to fernando@gont.com.ar