On Wed, 19 Jan 2000, Glynn Clements wrote:
> It is preferable to deny everything except that which you specifically
> wish to receive.
Agreed.
> # accept ICMP destination unreachable errors (so that TCP works)
> ipchains -A input -j ACCEPT -p ICMP -s 0/0 destination-unreachable
You also need to accept things like FRAG_NEEDED so pmtu discovery
works nicely.
<snip>
Cheers,
Mark
+-------------------------------------------------------------------------+
Mark Cooke                  The views expressed above are mine and are not
Systems Programmer          necessarily representative of university policy
University Of Birmingham    URL: http://www.sr.bham.ac.uk/~mpc/
+-------------------------------------------------------------------------+
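Added example, not part of the original message or of ipchains: a Python model of the accept/deny decision discussed in this thread, in which fragmentation-needed is code 4 of ICMP destination-unreachable (RFC 792, RFC 1191) and carries the next-hop MTU that path MTU discovery reads. The function names, addresses and sample packet are constructed for illustration.

```python
import struct

DEST_UNREACH = 3   # ICMP type: destination unreachable (RFC 792)
FRAG_NEEDED = 4    # code under type 3: fragmentation needed and DF set

def inet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_icmp(icmp: bytes) -> dict:
    """Apply a deny-by-default policy to one raw ICMP message."""
    # A valid message sums to zero when its checksum field is included.
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        return {"verdict": "DENY", "reason": "truncated or bad checksum"}
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != DEST_UNREACH:
        return {"verdict": "DENY", "reason": f"type {icmp_type} not allowed"}
    result = {"verdict": "ACCEPT", "code": code}
    if code == FRAG_NEEDED:
        # RFC 1191: low 16 bits of the second header word = next-hop MTU
        result["next_hop_mtu"] = mtu
    return result

def build_icmp(icmp_type: int, code: int, mtu: int = 0, payload: bytes = b"") -> bytes:
    """Build a constructed sample message with a valid checksum."""
    body = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Constructed sample: header of the 1500-byte DF datagram that was too big,
# plus its first 8 payload bytes (documentation addresses from RFC 5737).
INNER = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 1, 0x4000, 64, 6, 0,
                    bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + bytes(8)

if __name__ == "__main__":
    print(classify_icmp(build_icmp(DEST_UNREACH, FRAG_NEEDED, 1400, INNER)))
    print(classify_icmp(build_icmp(8, 0)))  # echo request: not on the allow list
```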