ICMP Drop - Part II

To: debian-firewall@lists.debian.org
Subject: ICMP Drop - Part II
From: Menno Scholten <m.scholten@planet.nl>
Date: Thu, 09 Oct 2003 21:58:30 +0200
Message-id: <[🔎] 3F85BDE6.3080002@planet.nl>

Hey folks.

After reading the concerns about dropping ICMP packets I was wonderingif this alsoapplies to a firewall with all inbound traffic blocked. I blockeverything from the outsideand SNAT internet traffic from my local workstations to my external IP.If those'fragmentation needed' packets are sent to my IP, they would only comein reply to aconnection I've made and thus be associated with an existing connectionright? So they

would be accepted as part of the NAT'ed connection.

Is the above true? I understand about applications that work on an IP toIP basis likeMSN, but am I right for everything that works without special firewallrules?


Hope this is not too stupid of a question..

Tia,
-Menno

Reply to:

Follow-Ups:
- Re: ICMP Drop - Part II
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: ICMP drop.
Next by Date: Re: ICMP drop.
Previous by thread: Help with 2 level network
Next by thread: Re: ICMP Drop - Part II
Index(es):
- Date
- Thread