Firewall Wizards mailing list archives
Re: Firewall Solution - 50 Users on SDSL Connection
From: Paul Robertson <proberts () patriot net>
Date: Sun, 5 Oct 2003 11:07:49 -0400 (EDT)
On Sun, 5 Oct 2003, Marcus J. Ranum wrote:
> Paul Robertson wrote:
>> *Be careful* filtering ICMP, if you're allowing the DF bit to be set, you're going to kill PMTU discovery if you're not careful.
>
> So? Kill it. It was a bad idea in the first place; the standards guys (once again) didn't think about security boundary devices when they did their design. If it continues to not work properly, maybe they'll fix their stupid protocol and be more careful next time. :)
Nope, you'll just kill things for your users.

Stripping out DF, now there's a good idea. I can't imagine that stripping DF (or turning it off) would hurt most anywhere these days...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts () patriot net which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
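
The trade-off argued in this exchange, as an added illustration that is not part of either poster's message: a toy Python model of a sender doing PMTU discovery (DF set) across a path with one narrow hop, with the ICMP "fragmentation needed" error (type 3, code 4) passed, filtered, or made unnecessary by a boundary device that clears DF. The hop MTUs, packet sizes and function names are constructed for the example.

```python
# Added illustration: toy model of Path MTU discovery across a filtering firewall.
# Hop MTUs, packet sizes and function names are constructed for this example.
IP_HEADER = 20  # bytes, IPv4 header without options

def fragment(size, mtu):
    """Split one IPv4 packet into fragments that fit mtu (offsets are 8-byte units)."""
    payload, chunk, frags = size - IP_HEADER, (mtu - IP_HEADER) // 8 * 8, []
    while payload > 0:
        take = min(chunk, payload)
        frags.append(take + IP_HEADER)
        payload -= take
    return frags

def traverse(size, df, path_mtus):
    """Return (packets_delivered, frag_needed_mtu); the second is None on success."""
    packets = [size]
    for mtu in path_mtus:
        out = []
        for p in packets:
            if p <= mtu:
                out.append(p)
            elif df:
                return [], mtu      # router drops, sends ICMP type 3 code 4 with its MTU
            else:
                out.extend(fragment(p, mtu))
        packets = out
    return packets, None

def send(size, path_mtus, pass_frag_needed, strip_df=False, max_tries=4):
    """Sender sets DF (PMTU discovery on). Returns (delivered, tries, packets)."""
    df = not strip_df               # boundary device clears DF before the path
    for attempt in range(1, max_tries + 1):
        packets, icmp_mtu = traverse(size, df, path_mtus)
        if icmp_mtu is None:
            return True, attempt, packets
        if pass_frag_needed:
            size = icmp_mtu         # sender learns the path MTU and shrinks packets
        # otherwise the ICMP error was filtered: sender retransmits the same size
    return False, max_tries, []

PATH = [1500, 1400, 1500]           # constructed path with one narrow hop
if __name__ == "__main__":
    print("ICMP passed  :", send(1500, PATH, pass_frag_needed=True))
    print("ICMP filtered:", send(1500, PATH, pass_frag_needed=False))
    print("DF stripped  :", send(1500, PATH, pass_frag_needed=False, strip_df=True))
```

With the error filtered and DF left set, every retransmission is dropped at the narrow hop; with DF cleared, the same packet arrives on the first try as two fragments.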