Re: RELATED ICMP packets of type 3

On Fri, Feb 11, 2005 at 05:02:09PM +0100, Cedric Blancher wrote:
> On Friday, 11 February 2005 at 10:49 -0500, Jason Opperisano wrote:
> > in theory--they are RELATED.  in practice, i allow them explicitly.
> > looking at one of my firewalls, it appears as though there are ICMP Type
> > 3 packets that get past the RELATED rule and hit the explicit allow rule,
> 
> Did you have a look at one of them, just to see if it's a legitimate
> one? I have experienced some troubles with DNS and port unreachable on
> very slow links, but that was quite unusual.

nah--i don't log them.  truthfully, they probably aren't legitimate...but
i'm not terrified of ICMP enough to really be concerned about it.
i'd rather err on the side of allowing too much ICMP than not enough.

-j

--
"Alright brain, you don't like me and I don't like you. But let's just
 get through this and then I can get back to killing you with beer."
        --The Simpsons
