[j-nsp] IPv6 firewall policy for MX
lee.pedder at gmail.com
Fri Jun 28 15:53:30 EDT 2019
It's a good start but there are many issues with it.
I think you need to take some time to understand IPv6 before implementing.
The book examples don't restrict RS/RA to link local, are too open on
things like BGP and traceroute. Trio hardware also has payload-protocol
available in addition to next-header for matching.
The IETF opsec-v6 draft is a useful resource to begin with
On Fri, 28 Jun 2019, 20:28 Aaron Gould, <aaron1 at gvtc.com> wrote:
> 2nd edition page 332 "IPv6 RE Protection Filter"
> juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp