"Time Exceeded" & "Parameter Problem" Not in 2.4.4 Default Allow?
beremonavabi last edited by beremonavabi
4.3.1. Traffic That Must Not Be Dropped
Error messages that are essential to the establishment and
maintenance of communications:
o Destination Unreachable (Type 1) - All codes
o Packet Too Big (Type 2)
o Time Exceeded (Type 3) - Code 0 only
o Parameter Problem (Type 4) - Codes 1 and 2 only
Yet, according to:
the Time Exceeded (Type 3) and Parameter Problem (Type 4) - Codes 1 and 2 are not being allowed by pfSense 2.4.4 in the default allow rule. Should they be?
EDIT: I guess while I'm here I'll also ask about the missing parts of Neighbor Discovery. According to that same document, Neighbor Discovery consists of 7 message types:
" o Router Solicitation (Type 133)
o Router Advertisement (Type 134)
o Neighbor Solicitation (Type 135)
o Neighbor Advertisement (Type 136)
o Redirect (Type 137)
o Inverse Neighbor Discovery Solicitation (Type 141)
o Inverse Neighbor Discovery Advertisement (Type 142)"
Most of the few things I've read on this don't mention the Inverse ones. For instance, this one doesn't talk about them:
But, since pfSense's default ICMPv6 rules specifically allow router and neighbor solicitation and advertisement, why not the others (i.e., specifically, Redirect - but also the two Inverse ones)?
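The comparison the post makes by hand can be scripted. This is an added example, not part of the original post and not pfSense code. It parses pf-style `pass` rules and reports which entries from the two quoted RFC lists have no explicit pass rule. The rule lines are constructed to mirror what the post describes, the function names are hypothetical, and codes are assumed to be numeric.

```python
import re

# pf.conf icmp6-type keywords for the types named in the post (subset).
NAMES = {"unreach": 1, "toobig": 2, "timex": 3, "paramprob": 4,
         "routersol": 133, "routeradv": 134, "neighbrsol": 135,
         "neighbradv": 136, "redir": 137}
# RFC list quoted in the post: type -> required codes (None = all codes).
MUST_NOT_DROP = {1: None, 2: None, 3: {0}, 4: {1, 2}}
# The seven Neighbor Discovery types quoted in the post.
ND_TYPES = [133, 134, 135, 136, 137, 141, 142]
ITEM = re.compile(r"icmp6-type\s+(\{[^}]*\}|\S+(?:\s+code\s+\d+)?)")

def allowed_icmp6(rules):
    """Map each ICMPv6 type passed by the rules to None (all codes) or a set of codes.
    Addresses, interfaces and state tracking are ignored: only explicit pass rules count."""
    allowed = {}
    for rule in rules:
        m = ITEM.search(rule)
        if not m or rule.split()[:1] != ["pass"]:
            continue
        toks = m.group(1).strip("{}").replace(",", " ").split()
        i = 0
        while i < len(toks):
            t = NAMES[toks[i]] if toks[i] in NAMES else int(toks[i])
            if toks[i + 1:i + 2] == ["code"]:
                # A code-restricted item never narrows an earlier all-codes match.
                if allowed.get(t, set()) is not None:
                    allowed.setdefault(t, set()).add(int(toks[i + 2]))
                i += 3
            else:
                allowed[t] = None
                i += 1
    return allowed

def gaps(rules):
    """Return (error types from the RFC list not fully passed, ND types not passed)."""
    allowed = allowed_icmp6(rules)
    missing_errors = []
    for t, codes in MUST_NOT_DROP.items():
        have = allowed.get(t, set())
        if have is not None and (codes is None or not codes <= have):
            missing_errors.append(t)
    return missing_errors, [t for t in ND_TYPES if t not in allowed]

# Constructed sample rules mirroring what the post describes; not pfSense's actual ruleset.
SAMPLE_RULES = [
    "pass quick inet6 proto ipv6-icmp from any to any icmp6-type { unreach, toobig, neighbrsol, neighbradv } keep state",
    "pass quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type { 133, 134 } keep state",
]

if __name__ == "__main__":
    print(gaps(SAMPLE_RULES))
```

A type listed as missing here only lacks an explicit pass rule in the input; the check says nothing about traffic the firewall handles through state tracking or address-scoped rules.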