On Thu, 30 May 2002, Antony Stone wrote: > > Antony, ever heard of TCP MTU Discovery? > > Er, yes, it's a mechanism whereby machines communicating by TCP find out the > maximum size of packets which can be transmitted between them, across > whatever underlying protocol connects them. > > > Please read up on it and try again. > > What is the point you are trying to make ?
If you filter all incoming ICMP, you'll break TCP MTU Discovery. Discovery relies on sender receiving ICMP "Datagram too big, must fragment but DF is set". If that datagram is filtered, you'll run into problems. -alex
