[j-nsp] ipv6 filter: why is tcp-initial missing?

Jochen Kaiser Jochen.Kaiser at rrze.uni-erlangen.de
Thu Aug 28 23:38:51 EDT 2003


Hello,

Implementing an incoming filter for IPv6 revealed that the IPv6
filter is missing the 'tcp-initial' statement.

Reading the documentation, it says that this statement is really solely
available in IPv4.

For me, it's a real drawback in trying to implement an incoming firewall
on the IPv6 gateway. Since IPv6 operating systems often have their
services running dual stack as soon as they are invoked on the boxes,
it's necessary to block on the internet gateway to protect 
'experimenting' users from exploits. 

Has the 'feature' just been 'forgotten' or are there reasons why it's not
implemented yet?

Does anybody know when it is planned?

regards,
Jochen

-- 
Dipl. Inf. Jochen Kaiser, GPG 0x3C93A870, phone +49 9131 85-28681
Network Administration  mailto:jochen.kaiser at rrze.uni-erlangen.de
Regionales Rechenzentrum Universitaet Erlangen-Nuernberg, Germany
Homepage and PublicKey: http://ipv6.rrze.uni-erlangen.de/~unrz111 
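
An added example, not part of the original post and not Juniper code: the stateless test that a 'tcp-initial' match stands for (SYN set, ACK clear), applied to raw IPv6 packets, including the extension-header walk needed before the TCP header can be read. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

TCP, FRAGMENT = 6, 44
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options
SYN, ACK = 0x02, 0x10


def is_tcp_initial(packet: bytes) -> bool:
    """True if an IPv6 packet carries a TCP segment with SYN set and ACK clear."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False
    next_header, offset = packet[6], 40
    while next_header in EXT_HEADERS or next_header == FRAGMENT:
        if len(packet) < offset + 8:
            return False  # truncated extension header
        if next_header == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                return False  # non-first fragment: no TCP header to inspect
            length = 8
        else:
            length = (packet[offset + 1] + 1) * 8  # length field is in 8-octet units
        next_header = packet[offset]
        offset += length
    if next_header != TCP or len(packet) < offset + 14:
        return False
    flags = packet[offset + 13]
    return bool(flags & SYN) and not flags & ACK


def build_packet(flags: int, ext: bytes = b"", first_nh: int = TCP) -> bytes:
    """Constructed sample: IPv6 header + optional extension headers + TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, flags, 65535, 0, 0)
    payload = ext + tcp
    header = struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64)
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")  # 2001:db8::1 (documentation prefix)
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")  # 2001:db8::2
    return header + src + dst + payload


# Constructed extension headers: destination options (PadN) and a non-first fragment.
DEST_OPTS = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])
LATER_FRAGMENT = struct.pack("!BBHI", TCP, 0, 185 << 3, 1)

if __name__ == "__main__":
    print(is_tcp_initial(build_packet(SYN)))                    # new connection
    print(is_tcp_initial(build_packet(SYN | ACK)))              # reply to outbound SYN
    print(is_tcp_initial(build_packet(SYN, DEST_OPTS, 60)))     # SYN behind an extension header
```

A filter that blocks packets for which this check is true stops inbound connection attempts while leaving replies to outbound connections alone; non-first fragments carry no TCP header, so they need a separate policy decision.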

