tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPv6 reject routes

On Fri, Feb 13, 2009 at 08:12:37AM -0500, Greg Troxel wrote:
>           case ENETUNREACH:
>           case EHOSTUNREACH:
>   +           type = ICMP6_DST_UNREACH;
>   +           code = ICMP6_DST_UNREACH_NOROUTE;
>   +           break;
>   + 
> Seems fine to me to change this.  Do the specs talk about -reject
> routes, or are they beyond-the-spec? 

The latter, afaict.

> There is a route, but it's tagged
> to reject, so it's almost like ADMIN_PROHIBITED.

Nah, that's what I'd do with e.g. ipfilter. I want to tell
"the net's not there", not that it's there but forbidden to
access. If I wanted to forbid access, I'd do it with ipfilter
or pf etc.


Home | Main Index | Thread Index | Old Index