Re: [SQU] Bind pinging ?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 17 Feb 2001 08:44:24 +0100

David Wilson wrote:
>
> True, but damn it's irritating in my Linux ipchains firewall logs ;-)
> Thanks for the guidance anyways.

If you get firewall log entries for normal ICMP packets which are part
of normal TCP/IP communication then you need to fix your firewall to not
drop those packets, else some parts of TCP will behave badly.

It is mainly the "destination unreachable" family of ICMP packets that
you need to allow. Used by
  UDP when the receiver is not listening (commonly seen in DNS from the
client to the server due to timing, but not critical for the operation)
  TCP for Path MTU discovery (quite critical. TCP hangs otherwise)
  IP to speed up the failure notice when you try to go to a destination
host that is unreachable (good, but not critical)

--
Henrik Nordstrom
Squid hacker
Received on Sat Feb 17 2001 - 00:49:18 MST
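
An added example, not part of the message above or of Squid: a small Python audit that picks blocked "destination unreachable" packets out of ipchains kernel log lines and labels each with the consequence listed in the mail. It assumes the ipchains "Packet log:" layout in which, for PROTO=1, the two port fields carry the ICMP type and code; the log lines and addresses are constructed samples.

```python
import re

# ICMP type 3 ("destination unreachable") codes mapped to the uses named in the mail.
DEST_UNREACH = {
    0: ("net unreachable", "IP fast failure notice (good, not critical)"),
    1: ("host unreachable", "IP fast failure notice (good, not critical)"),
    3: ("port unreachable", "UDP receiver not listening (not critical)"),
    4: ("fragmentation needed", "TCP Path MTU discovery (critical, TCP hangs)"),
}

# Assumed ipchains log layout; for PROTO=1 the "port" fields hold ICMP type and code.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def classify(line):
    """Return (src, dst, name, impact) for a blocked type 3 packet, else None."""
    m = LOG_RE.search(line)
    if not m or m["proto"] != "1" or m["action"] not in ("DENY", "REJECT"):
        return None
    icmp_type, icmp_code = int(m["sport"]), int(m["dport"])
    if icmp_type != 3:
        return None  # echo requests etc. are outside the family discussed here
    name, impact = DEST_UNREACH.get(
        icmp_code, (f"code {icmp_code}", "other destination unreachable"))
    return (m["src"], m["dst"], name, impact)

# Constructed sample log lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Feb 17 08:40:01 fw kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:3 198.51.100.5:4 L=56 S=0x00 I=0 F=0x0000 T=250 (#7)
Feb 17 08:40:02 fw kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.53:3 198.51.100.5:3 L=56 S=0x00 I=0 F=0x0000 T=60 (#7)
Feb 17 08:40:03 fw kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.99:8 198.51.100.5:0 L=84 S=0x00 I=0 F=0x0000 T=55 (#7)
Feb 17 08:40:04 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.77:4321 198.51.100.5:23 L=60 S=0x00 I=0 F=0x4000 T=52 SYN (#9)
Feb 17 08:40:05 fw kernel: Packet log: input ACCEPT eth0 PROTO=1 192.0.2.20:3 198.51.100.5:1 L=56 S=0x00 I=0 F=0x0000 T=61 (#3)
"""

def audit(log_text):
    """Collect every blocked destination-unreachable entry in the log."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for src, dst, name, impact in audit(SAMPLE_LOG):
        print(f"{src} -> {dst}: {name}: {impact}")
```

Any "fragmentation needed" hit is the one to fix first, since that is the case where the mail says TCP hangs.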
