On Wednesday 22 Feb 2012 09:10:07 Etienne Champetier wrote:
> Hi
>
> As said by Oliver/olipro in the MSS clamping thread "TCPMSS is ONLY ever
> needed for cases where someone criminally braindead is filtering the
> ICMP", but the default rule is only to accept ICMPv4 echo on the wan ...
>
> Are ICMP like fragmentation needed, destination unreachable... handled by
> conntrack or is this a bad default configuration ?
>
correct, they are handled by conntrack, so providing your --ctstate
ESTABLISHED,RELATED rule is in the right place, all is well.
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
