Re: Ok to let all ICMP traffic through firewall?
From: Steve Welsh (sjw_at_stevew.net)
Date: 09/26/05
- Next message: Mike Civil: "Re: Ok to let all ICMP traffic through firewall?"
- Previous message: Mike Civil: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Sep 2005 23:14:34 +0100
You totally missed the point of what Dave Civil was trying to say!!
Leythos wrote:
> In article <sxodvi$bk9$r@ddka.demon.co.uk>, a031003
> ${dd}.nospam@ddka.invalid says...
>
>>On Sun, 25 Sep 2005 20:09:12 GMT, Leythos
>><void@nowhere.lan> wrote:
>>
>>
>>>Errors are not fixed by ICMP and are not going to cause a failure in
>>>communications. You can still get the data.
>>
>>Errors may not be "fixed" by ICMP but ICMP may just tell you what you need to
>>do in order to fix something - e.g. ICMP type 3 codes 4, 11 and 12. If you
>>trash the ICMP response then you may end up with a failed connection which
>>would have otherwise worked without any problem - so no - ignoring ICMP does
>>not mean that you still get the data in all circumstances.
>
>
> I agree, but since we allow ICMP to approved sites/connections, but
> block it to the rest of the world, it doesn't really matter if there is
> a problem for the blocked ones - see the point now?
>
- Next message: Mike Civil: "Re: Ok to let all ICMP traffic through firewall?"
- Previous message: Mike Civil: "Re: Ok to let all ICMP traffic through firewall?"
- In reply to:(deleted message) Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Next in thread: Leythos: "Re: Ok to let all ICMP traffic through firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
