| 1 |
Am Donnerstag, 8. Januar 2004 16:21 schrieb mir MA: |
| 2 |
> Actually I'm allowing icmp :) |
| 3 |
> |
| 4 |
> Interesting discussion for me as a noob though. |
| 5 |
|
| 6 |
In some cases users decrease their MTU until the connection works instead |
| 7 |
of respecting the wish of the packet filter admin to ignore the site. |
| 8 |
|
| 9 |
Sometimes your packets are too big for some parts of the net without |
| 10 |
fragmenting so you get a message that you should reduce your packet size. |
| 11 |
If you block such messages, you can't connect with the target. These |
| 12 |
messages are delivered by ICMP so blocking of ICMP is very stupid. |
| 13 |
|
| 14 |
mfg |
| 15 |
Oli |
| 16 |
|
| 17 |
-- |
| 18 |
gentoo-security@g.o mailing list |
Archives