Oh DAMN! I hate it when I have to respond to my own posting
due to a brain fart.
On Mon, Aug 07, 2000 at 09:20:45AM -0400, Michael H. Warfield wrote:
> On Mon, Aug 07, 2000 at 08:32:47PM +0800, Ronneil Camara wrote:
> > I have found an ICMP Type and codes.
> > So which Type should I ALLOW and which Type should I DENY?
> > Type Code Name
> > 0 * Echo Reply
> > 3 * Destination Unreachable
> > 0 Net Unreachable
> > 1 Host Unreachable
> > 3 Port unreachable
> > 4 Fragmentation Needed but DF set
> You need this last one (3:0, ICMP_DEST_UNREACH:ICMP_FRAG_NEEDED)
Sorry - That was suppose to be 3:4, not 3:0 (Duh!!!).
> in order to get MTU discovery to work. Breaking that can be a bad thing.
> BTW... I have "ICMP_DEST_UNREACH" all the way up to 15 (which is
> "ICMP_PREC_CUTOFF" - Precedence cut off).
[...]
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
