> -----Original Message-----
> From: Ben Nagy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 2 January 2001 9:29
> To: [EMAIL PROTECTED]
> Subject: RE: List of "safe" ICMP types and codes
[...]
> Inbound - all unreachables (type 3)
> Outbound - packet-too-big (3/4, from memory?)
>
> You only need to allow _outbound_ packet-too-big if you have
> servers behind your filters that the outside world needs access
> to - web servers especially. You'll almost always need it inbound.

Gah! I am such a moron sometimes.

Outbound packet-too-big is almost always necessary. You can sometimes live
without _inbound_ packet-too-big although it will break PMTU-D initiated
from the inside.

We now return you to your scheduled viewing while I get myself a coffee.

Cheers,
--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304
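
The two rules quoted in the message above (inbound: all type 3 unreachables; outbound: 3/4 packet-too-big), as an added Python example that is not part of the original post. The function names and sample packets are constructed for illustration, and dropping every other ICMP type is an assumption here, since the rest of the quoted list is elided.

```python
import struct

DEST_UNREACHABLE = 3   # ICMP type 3
FRAG_NEEDED = 4        # code 4: fragmentation needed and DF set (packet-too-big)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMPv4 message (IP header already stripped)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    info = {"type": icmp_type, "code": code,
            "checksum_ok": inet_checksum(msg) == 0, "next_hop_mtu": None}
    if icmp_type == DEST_UNREACHABLE and code == FRAG_NEEDED:
        info["next_hop_mtu"] = mtu  # RFC 1191 field; 0 from routers predating it
    return info

def allowed(msg: bytes, direction: str) -> bool:
    """Apply only the two rules quoted in the message; drop everything else."""
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    try:
        info = parse_icmp(msg)
    except ValueError:
        return False
    if not info["checksum_ok"] or info["type"] != DEST_UNREACHABLE:
        return False
    # Inbound: all unreachables (type 3). Outbound: packet-too-big (3/4) only.
    return direction == "inbound" or info["code"] == FRAG_NEEDED

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build a constructed sample message with a valid checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Constructed samples: 3/4 with next-hop MTU 1400, 3/1 host unreachable, echo request.
QUOTED = b"\x45" + b"\x00" * 27   # stand-in for the quoted IP header + 8 bytes
TOO_BIG = build_icmp(3, 4, struct.pack("!HH", 0, 1400), QUOTED)
HOST_UNREACH = build_icmp(3, 1, b"\x00" * 4, QUOTED)
ECHO = build_icmp(8, 0, struct.pack("!HH", 1, 1), b"ping")
```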
