The short summary is that yes it is important to allow many kinds of ICMP messages through from smooth Internet operation.
In particular, the message types 0, 3, 4, 8, 11, 12 are the most useful. ICMP, very broadly speaking, provides a mechanism for reporting failures of TCP and UCP packets. Failure in getting these message through can lead to (most commonly) very long timeouts and other connectivity problems. Full details are in the RFCs. None of this is specific to NTP, but is an IP thing in general. The reasons for blocking ICMP, Ping of Death, are well outdated. I'd like to thank everyone who took to time to educate me on these matters. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
