There’s a spelling mistake (no big deal I’m sure) but if you want to correct it I’m letting you know in the “DHCP client I get, but what’s with DHCP server versus radvd?” it reads “since it dos not allocate any” instead of “since it does not allocate any”

You can delete my comment if you like, I just wanted to let you know about it.

The RFC link is good for those in to RFCs…. But for those who have led an unblemished life, free from the taint of data comms RFCs, I advise caution. They drive you mad if treated without care.

Anyway, good information. One day when I write further articles about my IPv6 project, I’ll be sure to refer folks back to your comment here!! Thanks!

In particular, type 2 datagrams (“packet too big”) are used for path MTU discovery. IPv6 does not support packet fragmentation — if your MTU is too big for something in your path, that traffic will get dropped, and the sending system will never know that it needs to back off on packet sizes. This type of problem can be *very* difficult to debug… it appears as a problem with an upstream connection, even though the problem is actually right there on your firewall.

Some type 1, type 3, and type 4 codes should also be allowed, no matter what.

RFC 4890 (http://www.ietf.org/rfc/rfc4890.txt) has a more thorough discussion of ICMPv6 filtering requirements and recommendations.

In the first instance all my client will be dual-stack IPv4 & IPv6. They already have the IPv4 DNS known and active so we will let them continue to use that. Of course if IPv4 does one day disappear, and we run as single-stack IPv6, this would need to be addressed.