Hi Eric, in addition to RFC 4980 mentioned in another post you might consider the following sources as a starting point:
https://insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strategy-part-3-traffic-filtering-in-ipv6-networks-i/ https://insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strategy-part-4-traffic-filtering-in-ipv6-networks-ii/ https://www.troopers.de/media/filer_public/85/be/85bef719-59a4-4567-aebb-ce01f9484f4d/ernw_tr16_ipv6secsummit_enterprise_security_strategy_final.pdf https://www.ernw.de/download/ERNW_Guide_to_Securely_Configure_Linux_Servers_For_IPv6_v1_0.pdf cheers Enno On Sun, May 14, 2017 at 09:29:45AM -0400, Eric Germann wrote: > Good morning all, > > I???m looking for some guidance on best practices to secure IPv6 on Linux end > nodes parked in AWS. > > Boxes will be running various services (DNS for starters) and I???m looking > to secure mainly ICMP at this point. Service filtering is fairly cut and > dried. > > I???ve reviewed some of the stuff out there, but apparently I???m catching > too many of the ICMP types in the rejection as routing eventually breaks. My > guess is router discovery gets broken by too tight of filters. > > Thanks for any guidance. > > EKG > -- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey ======================================================= Blog: www.insinuator.net || Conference: www.troopers.de Twitter: @Enno_Insinuator =======================================================
