On Friday 11 February 2005 17:02, Cedric Blancher wrote: > Le vendredi 11 février 2005 à 10:49 -0500, Jason Opperisano a écrit : > > in theory--they are RELATED. in practice, i allow them explicitly. > > looking at one of my firewalls, it appears as though there are ICMP Type > > 3 packets that get past the RELATED rule and hit the explicit allow rule, > > Did you have a look at one of them, just to see if it's a legitimate > one ? I have experienced some troubles with DNS and port unreachable on > very slow links, but that was quite unusual. So Cedric, you are basicly saying that if i accept RELATED icmp packets i _should_ be a good internet-citizen? Regards, Victor
