[j-nsp] IPv6 firewall

Stephen Stuart stuart@tech.org
Tue, 01 Oct 2002 09:51:09 -0700


> As long as the routing protocols aren't using port 23, this filter
> should pass them. Also, there would not be routes present in the
> table if this were the case (I believe the original email stated
> there were routes present).

The test needs to include the fact that only TCP packets should be
tested for destination port 23. A non-TCP packet could match term 1 of
the filter as written - it could be that some routing protocol packets
have the bit-pattern to match destination port 23 that would fail the
test for TCP protocol (allowing them to fall through to term 2).

Stephen