"Time Exceeded" & "Parameter Problem" Not in 2.4.4 Default Allow?
-
According to:
https://tools.ietf.org/html/rfc4890#section-4.3.1
4.3.1. Traffic That Must Not Be Dropped
Error messages that are essential to the establishment and
maintenance of communications:
o Destination Unreachable (Type 1) - All codes
o Packet Too Big (Type 2)
o Time Exceeded (Type 3) - Code 0 only
o Parameter Problem (Type 4) - Codes 1 and 2 only
Yet, according to:
https://github.com/pfsense/pfsense/blob/75cf92ffe93c7ea71cd5b432c369860b6e66a0d3/src/etc/inc/filter.inc#L3297
the Time Exceeded (Type 3) and Parameter Problem (Type 4) - Codes 1 and 2 are not being allowed by pfSense 2.4.4 in the default allow rule. Should they be?
EDIT: I guess while I'm here I'll also ask about the missing parts of Neighbor Discovery. According to that same document, Neighbor Discovery consists of 7 message types:
" o Router Solicitation (Type 133)
o Router Advertisement (Type 134)
o Neighbor Solicitation (Type 135)
o Neighbor Advertisement (Type 136)
o Redirect (Type 137)
o Inverse Neighbor Discovery Solicitation (Type 141)
o Inverse Neighbor Discovery Advertisement (Type 142)"Most of the few things I've read on this don't mention the Inverse ones. For instance, this one doesn't talk about them:
https://tools.ietf.org/html/rfc3971
But, since pfSense's default ICMPv6 rules specifically allow router and neighbor solicitation and advertisement, why not the others (i.e., specifically, Redirect - but also the two Inverse ones)?
