On 2024-06-14 05:50, Ed Maste wrote:
On Wed, 12 Jun 2024 at 18:05, Chris <bsd-li...@bsdforge.com> wrote:
As Rodeney already effectively explains; dropping packets makes routing,
and discovery exceedingly difficult. Which is NOT what the average user
wants,
This is on end hosts only, not routers (which already drop ICMP REDIRECT).
or expects. I use "set block-policy drop" in pf(4). But as already noted,
this is for "filtering" purposes. Your suggestion also has the negative
affect
of hanging remote ports. Which can result in other negative results by
peers.
I don't follow -- how does a host not processing ICMP REDIRECT cause
these effects?
It appears I may have overstated my point here. Dropping redirects isn't
(necessarily) out of line. I was thinking in terms of dropping (all) queries.
Which is wrong in this context. Sorry. :)
Thanks for taking the time to respond.
--Chris
