Re: FIREWALL STRATEGY (What do you think?)

To: Manel Marin <uni00771@pc-internet.com>
Cc: Debian Firewall <debian-firewall@lists.debian.org>
Subject: Re: FIREWALL STRATEGY (What do you think?)
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Thu, 29 Apr 1999 23:37:39 +0200
Message-id: <[🔎] 19990429233739.B27052@lina.inka.de>
In-reply-to: <[🔎] 19990429072618.A237@p166>; from Manel Marin on Thu, Apr 29, 1999 at 07:26:18AM +0200
References: <[🔎] 19990429072618.A237@p166>

On Thu, Apr 29, 1999 at 07:26:18AM +0200, Manel Marin wrote:
> ABOUT TO BE NOT SEEN:
> I have to accept ICMP type 3 packets "destination unreachable", they are
> used to MTA size negotiation, so I will not be completely not seen...

Actually it is MTU. And you will get ICMP Fragmentation needed (type 4) and
a bunch of others. You can deny all of them, but have a look at the log and
analyse the most frequent ones, will get u better performance and lass
"hanging" connections.

Greetings
Bernd

Reply to:

Follow-Ups:
- Re: FIREWALL STRATEGY (What do you think?)
  - From: tho@thomsen.isdn.cs.tu-berlin.de

References:
- FIREWALL STRATEGY (What do you think?)
  - From: Manel Marin <uni00771@pc-internet.com>

Prev by Date: FIREWALL STRATEGY (What do you think?)
Next by Date: Re: FIREWALL STRATEGY (What do you think?)
Previous by thread: FIREWALL STRATEGY (What do you think?)
Next by thread: Re: FIREWALL STRATEGY (What do you think?)
Index(es):
- Date
- Thread