In article <[EMAIL PROTECTED]>,
James Sutherland <[EMAIL PROTECTED]> wrote:
>On Sun, 28 Jan 2001, jamal wrote:
>> The internet is a form of organized chaos, sometimes you gotta make
>> these type of decisions to get things done. Imagine the joy _most_
>> people would get flogging all firewall admins who block all ICMP.
>
>Blocking out ICMP doesn't bother me particularly. I know they should be
>selective, but it doesn't break anything essential.
It breaks Path MTU Discovery. If you have a link somewhere in your
network (not at an endpoint, or TCP MSS will take care of it) that
has an MTU < 1500, you cannot reach hotmail and a lot of other sites
either currently. It _does_ break essential things. Daily. I would
get a lot of joy from flogging all firewall admins who block all ICMP.
Mike.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
