> > > Just learning about this: I can see the advantages but does 
> > anything use it?
> > 
> > Sure, TCP uses it.
> > 
> So... thinking about what this means for firewalls and natd. If we block all
> incoming ICMP's across the firewall

The moral of the story is don't block *ALL* incoming ICMP's across the
firewall. :)

Something like:

/sbin/ipfw add 1000 pass icmp from any to any via ${netif} icmptypes 0,3,11

Works for me, although you may not want type 11 packets coming in.  (I
allow them in, so I can run traceroute.)


Nate
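
An added example, not part of the original message or of the poster's own configuration: an sh function that prints the ICMP rules for one interface, narrowing the rule above to inbound traffic and following it with a logged deny. The rule numbers 1010 and 1020, the in/out split, the IPFW dry-run variable and the interface name em0 are assumptions.

```sh
#!/bin/sh
# Added example: print (or install) an inbound ICMP allowlist for one interface.
# Types from the post:
#   0  echo reply               replies to our own pings
#   3  destination unreachable  includes code 4, "fragmentation needed"
#   11 time exceeded            what traceroute relies on
ICMP_IN_TYPES="0,3,11"

# Assumption: dry run by default. Set IPFW=/sbin/ipfw to install the rules.
IPFW="${IPFW:-echo /sbin/ipfw}"

# icmp_rules <netif> [types]
icmp_rules() {
    netif="$1"
    types="${2:-$ICMP_IN_TYPES}"
    if [ -z "$netif" ]; then
        echo "usage: icmp_rules <netif> [types]" >&2
        return 2
    fi
    # Accept only a comma-separated list of numbers, so a typo cannot
    # turn into extra ipfw arguments.
    case "$types" in
        ''|*[!0-9,]*|,*|*,|*,,*)
            echo "icmp_rules: bad icmptypes list: $types" >&2
            return 2 ;;
    esac
    # Rule numbers 1010 and 1020 are assumptions; 1000 is the post's.
    # Inbound: only the listed types.
    $IPFW add 1000 pass icmp from any to any in via "$netif" icmptypes "$types" || return 1
    # Outbound: our own pings and traceroutes leave unfiltered (assumption).
    $IPFW add 1010 pass icmp from any to any out via "$netif" || return 1
    # Everything else inbound is dropped and logged, not silently lost.
    $IPFW add 1020 deny log icmp from any to any in via "$netif"
}

# Run as a script: ./icmp_rules.sh em0   (em0 is a constructed name)
if [ $# -gt 0 ]; then
    icmp_rules "$@"
fi
```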

