[j-nsp] IPv6 firewall policy for MX

Lee Pedder lee.pedder at gmail.com
Fri Jun 28 15:53:30 EDT 2019


It's a good start but there are many issues with it.

I think you need to take some time to understand IPv6 before implementing.
The book examples don't restrict RS/RA to link local, are too open on
things like BGP and traceroute. Trio hardware also has payload-protocol
available in addition to next-header for matching.

The IETF opsec-v6 draft is a useful resource to begin with

https://datatracker.ietf.org/doc/draft-ietf-opsec-v6/


On Fri, 28 Jun 2019, 20:28 Aaron Gould, <aaron1 at gvtc.com> wrote:

> 2nd edition page 332 "IPv6 RE Protection Filter"
>
> -Aaron
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list