About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] v6 ns/glue naming bcp

  • To: "Jeroen Massar" < >
  • From: Patrik Fältström < >
  • Date: Sat, 6 Sep 2003 14:00:37 +0200
  • Cc: "'Peter Koch'" < >
    < >
On 6 sep 2003, at 12.56, Jeroen Massar wrote:
(The pix blocks it in some configuration modes I can add before you all
say _T_H_E__P_I_X_...)
Haha, hmm people where indeed complaining about PIX's at RIPE46 :)
Btw, when is a PIX going to do IPv6, I once heared "March 2003"
but I queried a university where they wanted to do IPv6 but due
to policy stuff were not allowed as their PIX didn't filter IPv6
that it still did not support it :(
The pix is like all "firewall software" there to "protect" stupid things behind it. So, to some degree it should only allow the minimal possible things (512 byte DNS packets, no extensions to SMTP etc). But, the problem _I_ see with the pix is that one only have the choice of being so rigid regarding the standards, OR to open the port(s) completely.

As you understand, this is something I am trying to change, but it is hard, because firewall people are extremely conservative.

paf



  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community