ICMP Drop - Part II
After reading the concerns about dropping ICMP packets I was wondering
if this also
applies to a firewall with all inbound traffic blocked. I block
everything from the outside
and SNAT internet traffic from my local workstations to my external IP.
'fragmentation needed' packets are sent to my IP, they would only come
in reply to a
connection I've made and thus be associated with an existing connection
right? So they
would be accepted as part of the NAT'ed connection.
Is the above true? I understand about applications that work on an IP to
IP basis like
MSN, but am I right for everything that works without special firewall
Hope this is not too stupid of a question..