Re: Ok to let all ICMP traffic through firewall?
From: Mike Civil (mike_at_duncodin.org)
Date: 09/25/05
- Previous message: Walter Roberson: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Sep 2005 00:11:12 +0000 (UTC)
In article <MPG.1d9e7f311cb8f5db98a10b@news-server.columbus.rr.com>,
Leythos <void@nowhere.lan> wrote:
>Which does not change the fact that I can limit ICMP to my non-partners
>without impact on our communications.
I'm sorry but I don't think you know what you're talking about. As
you've previously quoted, without apparently understanding it, ICMP is
predominantly a mechanism for reporting an error in IP. If you block it,
and don't (or rarely) have an error at the IP level, then your setup
will work - beacause there are no errors and ICMP simply isn't
involved. If an error should occur then your blocking of ICMP could
then prevent you from detecting and diagnosing faults, or allowing your
application(s) to handle them.
But it's your setup, and I think we'll just have to agree to differ.
Mike
- Previous message: Walter Roberson: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
