Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection

• Previous message: Marcus J. Ranum: "RE: [fw-wiz] Real World PIX 535 Performance"
• In reply to: Paul Robertson: "Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection"
• Next in thread: Paul Robertson: "Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection"
• Reply: Paul Robertson: "Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Paul Robertson <proberts@patriot.net>, Dan Harp <danharp@brenius.com>
Date: Sun, 05 Oct 2003 10:38:54 -0400

Paul Robertson wrote:
>*Be careful* filtering ICMP, if you're allowing the DF bit to be set,
>you're going to kill PMTU discovery if you're not careful.

So? Kill it. It was a bad idea in the first place; the standards guys
(once again) didn't think about security boundary devices when
they did their design. If it continues to not work properly, maybe
they'll fix their stupid protocol and be more careful next time. :)

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Marcus J. Ranum: "RE: [fw-wiz] Real World PIX 535 Performance"
• In reply to: Paul Robertson: "Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection"
• Next in thread: Paul Robertson: "Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection"
• Reply: Paul Robertson: "Re: [fw-wiz] Firewall Solution - 50 Users on SDSL Connection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]