From owner-freebsd-security  Mon Aug 21 18:27:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 9BF2837B43C
	for <freebsd-security@FreeBSD.ORG>; Mon, 21 Aug 2000 18:27:20 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id TAA56027;
	Mon, 21 Aug 2000 19:27:18 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id TAA42980; Mon, 21 Aug 2000 19:26:13 -0600 (MDT)
Message-Id: <200008220126.TAA42980@harmony.village.org>
To: Mipam <mipam@ibb.net>
Subject: Re: icmptypes 
Cc: Jaroshenko Serge <jaroshenko@mail.ru>,
	William Wong <willwong@anime.ca>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 21 Aug 2000 13:17:59 +0200."
		<Pine.LNX.3.95.1000821131544.7312D-100000@ux1.ibb.net> 
References: <Pine.LNX.3.95.1000821131544.7312D-100000@ux1.ibb.net>  
Date: Mon, 21 Aug 2000 19:26:13 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.LNX.3.95.1000821131544.7312D-100000@ux1.ibb.net> Mipam writes:
: Okay, however, why not block in all icmp and let yourself be able to ping
: to the outside. With state keeping you'll recieve the reply's.
: Unless of course you wish ppl to ping you initially?

DO NOT BLOCK ALL ICMP PACKETS.

There, I'm done shouting.  Blocking all ICMP packets breaks path mtu
discovery.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message