On Friday 18 February 2005 00:30, Dean Anderson wrote: > No, that would be wildly wrong. > > Necessary messages: (never block) > 3 Destination Unreachable > (block code 4 and break PATH MTU) > (other codes are "Nice") Oh nice tip :) It made me revisit my firewall script, and I found this: $IPTABLES -A icmp_packets -p ICMP --icmp-type 11 -j ACCEPT #dest unreach So I had the right idea to permit dest-unreach.. just had the wrong type-number.. thanks for the memory jog! Cheers, Gavin.
