On 2003-09-23 at 10:50, pineapple wrote:
> So far my node seems to be working ok as well as my web server, mail
> server and ftp server. I didn't consider that these messages could
> impact my network. What outside ICMP traffic would you NOT block
> (besides PMTU as you said)?

I have not been able to find any consensus on which ICMP packets to allow. Personally I allow everything that Linux iptables considers related traffic.

ICMP is tricky - as an example, Linux iptables /still/ rejects with port-unreachable when it should reject with admin-prohibited.

Oh and when you block the wrong thing, everything will seem to work. Until someone with a low MTU link somewhere on the path to you tries to e.g. browse your web site. They probably won't tell you that your site is broken.

/Benny

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
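
The failure mode described in the reply above, as an added example that is not part of the original message: a small Python simulation of path MTU discovery from a server whose firewall either drops all inbound ICMP or accepts ICMP errors. The path MTUs, function names and the error-type list standing in for iptables "related" traffic are assumptions made for illustration.

```python
# Added illustration: path MTU discovery (RFC 1191) seen from a server whose
# firewall either drops or accepts inbound ICMP "fragmentation needed"
# (type 3, code 4). All names and MTU values here are constructed.

FRAG_NEEDED = (3, 4)  # destination unreachable / fragmentation needed, DF set

def forward(size, link_mtus):
    """Send one DF-marked packet along the path.
    Returns (delivered, icmp); icmp is (type, code, next_hop_mtu) or None."""
    for mtu in link_mtus:
        if size > mtu:
            # The router cannot fragment, drops the packet and reports why.
            return False, (FRAG_NEEDED[0], FRAG_NEEDED[1], mtu)
    return True, None

def send_with_pmtud(size, link_mtus, firewall_accepts, max_tries=5):
    """Try to deliver a packet of `size` bytes, shrinking on ICMP feedback.
    firewall_accepts(type, code) models the sender's inbound ICMP policy.
    Returns (delivered, final_packet_size, attempts)."""
    pmtu = link_mtus[0]
    for attempt in range(1, max_tries + 1):
        packet = min(size, pmtu)
        delivered, icmp = forward(packet, link_mtus)
        if delivered:
            return True, packet, attempt
        icmp_type, icmp_code, next_hop_mtu = icmp
        if firewall_accepts(icmp_type, icmp_code):
            pmtu = next_hop_mtu  # sender learns the smaller path MTU
        # Otherwise the error never arrives and the same size is retransmitted.
    return False, min(size, pmtu), max_tries

def block_all_icmp(icmp_type, icmp_code):
    return False

def allow_error_replies(icmp_type, icmp_code):
    # Assumption: approximates "related" as ICMP errors tied to an existing
    # flow (destination unreachable, time exceeded, parameter problem).
    return icmp_type in (3, 11, 12)

PATH = [1500, 1500, 1400, 1500]  # constructed: one low-MTU link on the path

if __name__ == "__main__":
    for name, policy in (("block all ICMP", block_all_icmp),
                         ("allow ICMP errors", allow_error_replies)):
        print(name, "| small packet:", send_with_pmtud(400, PATH, policy),
              "| full-size packet:", send_with_pmtud(1500, PATH, policy))
```

With everything blocked, the 400-byte packet still gets through, which is why the site seems to work until a full-size response has to cross the 1400-byte link.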
