On Sun, May 14, 2017 at 09:29:45AM -0400, Eric Germann wrote: > I???ve reviewed some of the stuff out there, but apparently I???m > catching too many of the ICMP types in the rejection as routing eventually > breaks. My guess is router discovery gets broken by too tight of filters.
That's a good guess, but I would also guess that path MTU discovery may be breaking. (Or not.) I think you may want to implement RFC 4890, with a look at RFC 4443. ---rsk
