Firewall Wizards mailing list archives

Re: Firewall Solution - 50 Users on SDSL Connection

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 05 Oct 2003 10:38:54 -0400

Paul Robertson wrote:

*Be careful* filtering ICMP, if you're allowing the DF bit to be set, 
you're going to kill PMTU discovery if you're not careful.


So? Kill it. It was a bad idea in the first place; the standards guys
(once again) didn't think about security boundary devices when
they did their design. If it continues to not work properly, maybe
they'll fix their stupid protocol and be more careful next time. :)

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Firewall Solution - 50 Users on SDSL Connection Dan Harp (Oct 05)
- Re: Firewall Solution - 50 Users on SDSL Connection Paul Robertson (Oct 05)
  - Re: Firewall Solution - 50 Users on SDSL Connection Marcus J. Ranum (Oct 05)
    - Re: Firewall Solution - 50 Users on SDSL Connection Paul Robertson (Oct 05)
  - Re: File type filtering (Was: Firewall Solution - 50 Users on SDSL Connection) Mikael Olsson (Oct 05)
    - Re: File type filtering (Was: Firewall Solution - 50 Users on SDSL Connection) Paul Robertson (Oct 05)
    - Re: File type filtering (Was: Firewall Solution - 50 Users on SDSL Connection) ark (Oct 06)
- Re: Firewall Solution - 50 Users on SDSL Connection Devdas Bhagat (Oct 05)