Re: FreeBSD DDoS protection

2013-02-12 Thread Ian Smith
On Wed, 13 Feb 2013 01:52:29 +0100, Dag-Erling Smørgrav wrote:
> Mark Felder writes:
> > Dropping ICMP is not a security method. Please stop doing this!
> Slight correction: dropping *all* ICMP is a bad idea. You can get by
> with just unreach. Add timex, echoreq and echorep for troublesho

Re: FreeBSD DDoS protection

2013-02-12 Thread Dag-Erling Smørgrav
Mark Felder writes:
> Dropping ICMP is not a security method. Please stop doing this!
Slight correction: dropping *all* ICMP is a bad idea. You can get by with just unreach. Add timex, echoreq and echorep for troubleshooting. For IPv6, you want unreach, toobig, neighbrsol and neighbradv. Add

Re: FreeBSD DDoS protection

2013-02-12 Thread Mark Felder
On Sun, 10 Feb 2013 06:48:08 -0600, Janne Snabb wrote:
> Please do not drop all ICMP unless you understand what you are doing. By doing that you are creating a path MTU discovery blackhole.
I was coming here to say the exact thing. Dropping ICMP is not a security method. Please stop doing this!
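The point the three replies make, written out as a pf.conf fragment (an added example, not a ruleset posted by anyone in the thread): the commented-out rules are the "drop all ICMP" pattern that creates the path MTU discovery blackhole, and the pass rules below them admit only the types Dag-Erling lists. The interface name em0 and the IPv6 troubleshooting types (timex, echoreq, echorep carried over from the IPv4 list) are assumptions.

```pf
# Added example, not from the thread. em0 is a placeholder external interface.
ext_if = "em0"

# Blackhole pattern (do not use): dropping every ICMP message also drops
# "fragmentation needed" (ICMP unreach) and "packet too big" (ICMPv6),
# so hosts behind a smaller-MTU path never learn to shrink their packets.
# block in on $ext_if inet  proto icmp
# block in on $ext_if inet6 proto icmp6

# Default deny on the external interface; pf is last-match, so the pass
# rules below override this for the listed ICMP types. Pass rules for the
# TCP/UDP services the host actually offers go here as well.
block in on $ext_if

# IPv4: unreach (carries fragmentation-needed, needed for PMTUD) is the
# minimum; timex, echoreq and echorep are added for troubleshooting.
pass in on $ext_if inet proto icmp icmp-type { unreach, timex, echoreq, echorep }

# IPv6: unreach and toobig for PMTUD; neighbrsol/neighbradv because IPv6
# address resolution on the link is itself ICMPv6 and breaks without them.
pass in on $ext_if inet6 proto icmp6 icmp6-type { unreach, toobig, neighbrsol, neighbradv }
# Assumed: same troubleshooting set as for IPv4.
pass in on $ext_if inet6 proto icmp6 icmp6-type { timex, echoreq, echorep }
```

Check the rules parse before loading them with `pfctl -nf /etc/pf.conf`; a quick verification of the PMTUD path afterwards is `ping -D -s 1472` (IPv4, don't-fragment set) toward a host behind the firewall, which should report "frag needed" rather than timing out.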