Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 16:07:27
Am Donnerstag, 8. Januar 2004 16:21 schrieb mir MA:
> Actually I'm allowing icmp :) > > Interesting discussion for me as a noob though.
In some cases users decrease their MTU until the connection works instead of respecting the wish of the packet filter admin to ignore the site. Sometimes your packets are too big for some parts of the net without fragmenting so you get a message that you should reduce your packet size. If you block such messages, you can't connect with the target. These messages are delivered by ICMP so blocking of ICMP is very stupid. mfg Oli -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] firewall suggestions? Mark Hurst <mark@××××××.net>