On 6 sep 2003, at 12.56, Jeroen Massar wrote:
(The pix blocks it in some configuration modes I can add before you all say _T_H_E__P_I_X_...)
Haha, hmm people where indeed complaining about PIX's at RIPE46 :) Btw, when is a PIX going to do IPv6, I once heared "March 2003" but I queried a university where they wanted to do IPv6 but due to policy stuff were not allowed as their PIX didn't filter IPv6 that it still did not support it :(
The pix is like all "firewall software" there to "protect" stupid things behind it. So, to some degree it should only allow the minimal possible things (512 byte DNS packets, no extensions to SMTP etc). But, the problem _I_ see with the pix is that one only have the choice of being so rigid regarding the standards, OR to open the port(s) completely. As you understand, this is something I am trying to change, but it is hard, because firewall people are extremely conservative. paf