On Aug 7, 2011, at 5:15 PM, Mark Andrews wrote:
> 
> One thing I haven't seen mentioned w.r.t. firewalls is protecting the rest of 
> the world from compromised home machines. While ISPs should be doing BCP 38 
> filtering, CPE devices should also be filtering outgoing traffic that is not 
> from a valid prefix. [...]

Then I would direct your attention to Recommendation #5 in RFC 6092, which 
informs the implementers of residential firewalls thusly:

   REC-5: Outbound packets MUST NOT be forwarded if the source address
   in their outer IPv6 header does not have a unicast prefix configured
   for use by globally reachable nodes on the interior network.

Does that about cover it?


--
james woodyatt <j...@apple.com>
member of technical staff, core os networking



_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
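
The REC-5 check quoted above, sketched as an added example that is not part of the original message or of RFC 6092: a forwarding decision on the outer IPv6 source address of an outbound packet, with a drop reason suitable for logging. The function names, the interior prefix and the sample sources are constructed for illustration (the prefix comes from the 2001:db8::/32 documentation range).

```python
import ipaddress

# Constructed sample: the prefix configured for globally reachable nodes on
# the interior network (assumption, taken from the documentation range).
INTERIOR_PREFIXES = [ipaddress.IPv6Network("2001:db8:1234:5600::/56")]


def check_outbound(src, interior_prefixes=INTERIOR_PREFIXES):
    """Return (forward, reason) for an outbound packet's outer IPv6 source."""
    try:
        addr = ipaddress.IPv6Address(src)
    except ipaddress.AddressValueError:
        return False, "not an IPv6 address"
    # These sources can never match a configured global unicast prefix;
    # they are tested first only so the log carries a specific reason.
    if addr.is_unspecified:
        return False, "unspecified source"
    if addr.is_multicast:
        return False, "multicast source"
    if addr.is_loopback:
        return False, "loopback source"
    if addr.is_link_local:
        return False, "link-local source"
    # REC-5 proper: forward only if the source lies in a configured prefix.
    for net in interior_prefixes:
        if addr in net:
            return True, f"source within {net}"
    return False, "source outside configured interior prefixes"


# Constructed sample sources, as a CPE might see them on its interior side.
SAMPLE_SOURCES = [
    "2001:db8:1234:5601::10",  # legitimate interior host
    "2001:db8:ffff::1",        # spoofed: someone else's prefix
    "fd00:1234::5",            # ULA, not a globally reachable prefix
    "fe80::1",                 # link-local
    "ff02::1",                 # multicast used as a source
    "::",                      # unspecified
]


def decide_all(sources):
    """Map each source address to its (forward, reason) decision."""
    return {src: check_outbound(src) for src in sources}


if __name__ == "__main__":
    for src, (forward, reason) in decide_all(SAMPLE_SOURCES).items():
        print(f"{'FORWARD' if forward else 'DROP':8}{src:26}{reason}")
```
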
