On Wed, Feb 19, 2014 at 10:54:14AM +0100, Gert Doering wrote:
Blocking by /64 by default is likely to get collateral damage. Enough
people do shared subnets with multiple customers in the same /64 - while
I won't recommend it, it is *done*, and blocking the whole /64 because
you have seen

On Feb 19, Daniel Roesen d...@cluenet.de wrote:
This is btw standard setup in the DOCSIS world. All CPEs get a single IP
out of a shared /64. In case the CPE is not a customer PC but a router
(most customers have that), of course DHCPv6-PD is used to issue
prefixes. Nevertheless, there is a

Folks,
We have published a new I-D on Requirements for IPv6 Firewalls.
The I-D is available at:
http://tools.ietf.org/html/draft-gont-opsec-ipv6-firewall-reqs-00
The goals of this first (and drafty) version of the document are as follows:
1) Agree on a rationale to write this spec.
For

Hi Gert,
On Wed, 2014-02-19 at 10:54 +0100, Gert Doering wrote:
Hi,
On Wed, Feb 19, 2014 at 02:45:33PM +1000, Noel Butler wrote:
We block only by IP from whatever spam source is used (4, or 6), and
rbldnsd handles ipv6 nicely (albeit in /64's - fair enough too, since
most end users get