Gentoo Archives: gentoo-security

From: Mark Hurst <mark@××××××.net>
To: Oliver Schad <o.schad@×××.de>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 08:08:43
Message-Id: 20040109190655.1b63cca4.mark@gumrak.net
In Reply to: Re: [gentoo-security] firewall suggestions? by Oliver Schad
> Sometimes your packets are too big for some parts of the net without
> fragmenting so you get a message that you should reduce your packet
> size. If you block such messages, you can't connect with the target.
> These messages are delivered by ICMP so blocking of ICMP is very stupid.

No, blocking of "fragmentation required but DF set" ICMP is stupid.

Allowing all ICMP in just to enable PMTU discovery is not required.

regards

--
gentoo-security@g.o mailing list
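
The two policies contrasted in this exchange, as an added example that is not part of the original message: one ruleset drops all ICMP, the other accepts only "fragmentation required but DF set" (ICMP type 3, code 4) and drops the rest. The function names, chain layout and default policies are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names, chain layout
# and default policies are assumptions. Nothing here touches the live
# firewall: each function only prints an iptables-restore ruleset.

# Weak variant: drops every ICMP message, including the
# "fragmentation required but DF set" error that PMTU discovery relies on.
ruleset_block_all_icmp() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Narrow variant: accepts only destination-unreachable/fragmentation-needed
# (ICMP type 3, code 4) and drops all other ICMP.
ruleset_pmtu_only() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print the ICMP rules of a ruleset read from stdin, in evaluation order.
icmp_rules() {
    grep -e '-p icmp' || true
}

# Print a ruleset only when asked: "weak" or "pmtu" as the first argument.
case "${1:-}" in
    weak) ruleset_block_all_icmp ;;
    pmtu) ruleset_pmtu_only ;;
esac
```

The printed ruleset is in the format `iptables-restore` reads on standard input.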