[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ICMP Drop - Part II

Hey folks.

After reading the concerns about dropping ICMP packets I was wondering if this also applies to a firewall with all inbound traffic blocked. I block everything from the outside and SNAT internet traffic from my local workstations to my external IP. If those 'fragmentation needed' packets are sent to my IP, they would only come in reply to a connection I've made and thus be associated with an existing connection right? So they
would be accepted as part of the NAT'ed connection.

Is the above true? I understand about applications that work on an IP to IP basis like MSN, but am I right for everything that works without special firewall rules?

Hope this is not too stupid of a question..


Reply to: