From: Mark Hurst <mark@××××××.net>
To: Oliver Schad <o.schad@×××.de>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 08:08:43
Message-Id: 20040109190655.1b63cca4.mark@gumrak.net
In Reply to: Re: [gentoo-security] firewall suggestions? by Oliver Schad

> Sometimes your packets are too big for some parts of the net without
> fragmenting so you get a message that you should reduce your packet
> size. If you block such messages, you can't connect with the target.
> These messages are delivered by ICMP so blocking of ICMP is very stupid.

No, blocking of "fragmentation required but DF set" ICMP is stupid.

Allowing all ICMP in just to enable PMTU discovery is not required.

regards

--
gentoo-security@g.o mailing list
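
The distinction drawn in the reply above, as an added example that is not part of the original message: a filter decision that accepts only ICMP type 3 code 4 ("fragmentation needed and DF set") and drops every other ICMP message, which is all PMTU discovery needs. It goes one step beyond the message by also requiring that the quoted packet belongs to a flow the host opened; the function names, the flow table and the sample packets are constructed for illustration.

```python
import socket
import struct

FRAG_NEEDED = (3, 4)  # destination unreachable / fragmentation needed and DF set


def parse_frag_needed(icmp: bytes):
    """Return (next_hop_mtu, flow) for a well-formed type 3 code 4 message, else None.

    flow is (src, dst, proto, sport, dport) of the quoted original packet.
    The ICMP checksum is not verified here (assumed done by the receiving stack).
    """
    if len(icmp) < 8 + 20 + 8:  # ICMP header + minimal IPv4 header + 8 payload bytes
        return None
    itype, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (itype, code) != FRAG_NEEDED:
        return None
    inner = icmp[8:]  # quoted IPv4 header of the packet that was too big
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return mtu, (src, dst, inner[9], sport, dport)


def verdict(icmp: bytes, known_flows: set) -> str:
    """ACCEPT only frag-needed messages that quote a packet we actually sent."""
    parsed = parse_frag_needed(icmp)
    if parsed is None or parsed[1] not in known_flows:
        return "DROP"
    return "ACCEPT"


def build_icmp(itype, code, mtu, src, dst, sport, dport):
    """Constructed sample: ICMP header + quoted IPv4 header + first 8 TCP bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, 0)
    return struct.pack("!BBHHH", itype, code, 0, 0, mtu) + ip + tcp8


# Constructed data: one outbound TCP flow from 192.0.2.10 to 198.51.100.7:443.
FLOWS = {("192.0.2.10", "198.51.100.7", 6, 40000, 443)}

if __name__ == "__main__":
    ok = build_icmp(3, 4, 1400, "192.0.2.10", "198.51.100.7", 40000, 443)
    print(verdict(ok, FLOWS), parse_frag_needed(ok)[0])
    print(verdict(build_icmp(8, 0, 0, "192.0.2.10", "198.51.100.7", 40000, 443), FLOWS))
```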