Why a discussion to drill the firewall with very tricky things?
(it's sound to me like the same sh... stun and other legacy ipv4 horrors.)
In my opinion the firewall should be configurable (unfortunately
DTAG-speedport-series, including the hybrid-modell dsl/lte can't) by
upnp or by the user.
Sorry, the thread is slightly off topic. But one of the first questions
was about "premium" maybe also meaning comfort. There are soho-routers
with comfortable firewalls, but not the "standard"-models.
And also AVM has one handicap - the integrated vpn doesn't support IPv6.
Thomas
Am 13.02.2015 um 15:22 schrieb Steinar H. Gunderson:
On Fri, Feb 13, 2015 at 02:12:31PM +0000, Phil Mayers wrote:
As above, depends on how they're using the socket API. As a rule for
UDP connections, you actually have to put *more* work in to see ICMP
errors. It's certainly possible to ignore them.
FWIW, at least on Linux, if you keep doing send() on an UDP connection where
the other end sends ICMP destination unreachable, you'll get errors back
(ECONNREFUSED) eventually, although typically not on every packet you send.
/* Steinar */
--
