Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 10/05/03

  • Next message: Paul Robertson: "Re: [fw-wiz] Personal Firewall Day?"
    To: Paul Robertson <proberts@patriot.net>, Dan Harp <danharp@brenius.com>
    Date: Sun, 05 Oct 2003 10:38:54 -0400
    
    

    Paul Robertson wrote:
    >*Be careful* filtering ICMP, if you're allowing the DF bit to be set,
    >you're going to kill PMTU discovery if you're not careful.

    So? Kill it. It was a bad idea in the first place; the standards guys
    (once again) didn't think about security boundary devices when
    they did their design. If it continues to not work properly, maybe
    they'll fix their stupid protocol and be more careful next time. :)

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul Robertson: "Re: [fw-wiz] Personal Firewall Day?"