Date: Sun, 3 Sep 2000 19:46:11 +0200
From: Mipam <mipam@ibb.net>
To: Nate Williams <nate@yogotech.com>
Cc: Robert Watson <rwatson@FreeBSD.ORG>, Dragos Ruiu <dr@kyx.net>, cjclark@alum.mit.edu, "Crist J . Clark" <cjclark@reflexnet.net>, Bill Fumerola <billf@chimesnet.com>, Nicolas <list@rachinsky.de>, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw and fragments
Message-ID: <20000903194611.A10607@ibb0021.ibb.uu.nl>
In-Reply-To: <200009031727.LAA03881@nomad.yogotech.com>; from nate@yogotech.com on Sun, Sep 03, 2000 at 11:27:46AM -0600
References: <0009030256211M.20066@smp.kyx.net> <Pine.NEB.3.96L.1000903094614.69440A-100000@fledge.watson.org> <200009031727.LAA03881@nomad.yogotech.com>

> Actually, isn't the purpose of PMTU to avoid the need to fragment the
> packet at intermediate routers? Since PMTU involves both endpoints of
> the link, thus allowing the originator to determine *if* a packet of a
> particular size can make it all the way from one end to the other w/out
> fragmentation.
>

As far as I can tell, it is :)
Nice link for this: http://www.cis.ohio-state.edu/rfc/rfc1191.txt
In other words, RFC 1191 has nice info about it.
I guess this is another good reason to allow icmp, especially
type 3 code 4.

Now, I came to icmp again, a remark on the icmp discussion from
latest time. No need to explicitly specify to allow icmp type 0 on ipf.
Icmp state keeping will result in the answer coming through on the
initial icmp type 8. That is, I never experienced trouble doing it
this way. That doesn't mean that it's all right. Maybe there are
circumstances in which you wish to explicitly allow icmp type 0 to come in,
in which case I'd like to hear about it :)

Bye,

Mipam.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
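
A simplified model of the ICMP state keeping described in the message above, added here as an illustration; it is not part of the original e-mail and it is not ipf's own code. The `Filter` class, the policy and the documentation-range addresses are assumptions made for the example.

```python
# Simplified model of stateful ICMP filtering (illustration only; not ipf's code).
from dataclasses import dataclass

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST = 0, 3, 8
FRAG_NEEDED = 4  # type 3 code 4: "fragmentation needed and DF set" (RFC 1191)

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    type: int
    code: int = 0
    ident: int = 0  # echo identifier; meaningful for types 0 and 8 only

class Filter:
    def __init__(self):
        self.states = set()  # (inside host, outside host, echo id)

    def outbound(self, p):
        """Pass outbound echo requests and keep state; block other ICMP."""
        if p.type == ECHO_REQUEST:
            self.states.add((p.src, p.dst, p.ident))
            return "pass"
        return "block"

    def inbound(self, p):
        # Explicit rule: PMTU discovery needs type 3 code 4 to get in.
        if p.type == DEST_UNREACH and p.code == FRAG_NEEDED:
            return "pass"
        # No rule for type 0: only a reply matching kept state gets in.
        if p.type == ECHO_REPLY and (p.dst, p.src, p.ident) in self.states:
            return "pass"
        return "block"

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = Filter()
    inside, outside, router = "192.0.2.10", "198.51.100.7", "203.0.113.1"
    results = [fw.outbound(Icmp(inside, outside, ECHO_REQUEST, ident=0x1234))]
    results.append(fw.inbound(Icmp(outside, inside, ECHO_REPLY, ident=0x1234)))
    results.append(fw.inbound(Icmp(outside, inside, ECHO_REPLY, ident=0x9999)))
    results.append(fw.inbound(Icmp(router, inside, ECHO_REPLY, ident=0x1234)))
    results.append(fw.inbound(Icmp(router, inside, DEST_UNREACH, FRAG_NEEDED)))
    results.append(fw.inbound(Icmp(outside, inside, ECHO_REQUEST, ident=1)))
    return results

if __name__ == "__main__":
    print(demo())
```

In this model an unsolicited type 0 from another host, or with an identifier that was never sent, is dropped, while the type 3 code 4 message that PMTU discovery relies on needs its own explicit pass rule because no echo state covers it.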