[Mip6-firewall] HA Firewall BCP draft
Suresh Krishnan
suresh.krishnan at ericsson.com
Fri Jun 29 11:14:28 EDT 2007
Hi Niklas,
Niklas Steinleitner wrote:
> Hi Suresh,
>
> just a few comments after quickly scan the document:
> - in section 3.1 you write "Source Address: Address of HA". This has to
> be "Destination Address: Address of HA"!
Nice catch. But I think it has to be both. I will revise the text to say
Source Address: Address of HA
IP payload protocol number: 50 (ESP)
Destination Address: Address of HA
IP payload protocol number: 50 (ESP)
> - it might not be explicitly necessary, but we should mention in the
> introduction that we assume a stateful packetfilters firewall.
Will do.
> - section 3.4: from my point of view we should discourage from install
> such firewall pinholes!
Do you think this warning currently in the text is not good enough
Allowing this traffic might allow any kind of traffic, including
malicious traffic, to pass through unfiltered to the MN. This might
cause a Denial of Service at the MN.
Cheers
Suresh
More information about the Mip6-firewall
mailing list