Firewall Wizards mailing list archives
Re: How automate firewall tests
From: Oliver Humpage <oliver () watershed co uk>
Date: Mon, 21 Aug 2006 17:22:26 +0100
on 21/8/06 2:46 pm, Patrick M. Hausen at hausen () punkt de wrote:
Or did I get you completely wrong? I'm thinking of e.g. firewall protected public web servers. If you block ICMP, clients that try to access them with a smaller MTU than whatever the server's local interface has got will fail.
Not necessarily - IP packets can be fragmented to go over smaller MTU networks. The problem comes when some OSes unnecessarily set the "Do Not Fragment" bit on all packets, and at that point if the "must fragment" icmp message doesn't get back to the server then no data flows. I can understand why *some* types of ICMP could be considered undesirable, but there are other types which should definitely be let through under certain circumstances. Oliver. PS Missed the start of this discussion, apologies if I missed the point there. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Marcus J. Ranum (Aug 20)
- Re: How automate firewall tests StefanDorn (Aug 20)
- Re: How automate firewall tests Strabla Ruggero (Aug 20)
- Re: How automate firewall tests Shahin Ansari (Aug 20)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Oliver Humpage (Aug 21)
- Re: How automate firewall tests Marcus J. Ranum (Aug 21)
- Re: How automate firewall tests Isaac Van Name (Aug 21)
- Re: How automate firewall tests Shahin Ansari (Aug 20)
- Re: How automate firewall tests Avishai Wool (Aug 22)
- Re: How automate firewall tests Bill Royds (Aug 21)
- Re: How automate firewall tests Chuck Swiger (Aug 21)
- Re: How automate firewall tests Bill Royds (Aug 22)