Firewall Wizards mailing list archives
Re: Firewall Solution - 50 Users on SDSL Connection
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 05 Oct 2003 10:38:54 -0400
Paul Robertson wrote:
*Be careful* filtering ICMP, if you're allowing the DF bit to be set, you're going to kill PMTU discovery if you're not careful.
So? Kill it. It was a bad idea in the first place; the standards guys (once again) didn't think about security boundary devices when they did their design. If it continues to not work properly, maybe they'll fix their stupid protocol and be more careful next time. :) mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewall Solution - 50 Users on SDSL Connection Dan Harp (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Paul Robertson (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Marcus J. Ranum (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Paul Robertson (Oct 05)
- Re: File type filtering (Was: Firewall Solution - 50 Users on SDSL Connection) Mikael Olsson (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Marcus J. Ranum (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Paul Robertson (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Devdas Bhagat (Oct 05)