Firewall Wizards mailing list archives
Re: How automate firewall tests
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Mon, 21 Aug 2006 15:46:32 +0200
Hi, Paul!

On Mon, Aug 21, 2006 at 09:17:08AM -0400, Paul D. Robertson wrote:
> On Mon, 21 Aug 2006, Patrick M. Hausen wrote:
> > On Fri, Aug 18, 2006 at 10:26:53AM -0700, Shahin Ansari wrote:
> > > The doco above says no good firewall should allow ICMP, ...
> >
> > Then this document is plainly wrong, IMHO. Which one were you referring to?
> > Blocking ICMP completely breaks PMTUD. Which leads to all sorts of "funny"
> > breakage from the end user's point of view.
>
> Surely you're in full control of the MTU between your firewall and external
> router? Letting the border router deal with PMTU isn't necessarily a bad thing.

I'm not in control of the MTU along the entire path from server to client.
PMTUD is an endpoint mechanism. Or did I get you completely wrong?

I'm thinking of e.g. firewall protected public web servers. If you block ICMP,
clients that try to access them with a smaller MTU than whatever the server's
local interface has got will fail.

Regards,

Patrick M. Hausen
Head of Networks and Security
--
punkt.de GmbH         Internet - Services - Consulting
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
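Added example, not part of the original message: a toy Python model of the failure described above, where a firewall in front of a server drops the ICMP "fragmentation needed" message (type 3, code 4) that PMTUD relies on. The hop MTUs, payload sizes and all function and class names are constructed for illustration.

```python
# Toy model of Path MTU Discovery through a firewall (constructed example).
# Sizes are whole-packet sizes; header overhead is ignored for simplicity.
from dataclasses import dataclass

ICMP_FRAG_NEEDED = (3, 4)  # Destination Unreachable / Fragmentation Needed, DF set

@dataclass
class Firewall:
    allowed_icmp: frozenset  # (type, code) pairs let through to the server

    def permits(self, icmp):
        return icmp in self.allowed_icmp

def send_df(size, hop_mtus):
    """Forward one DF-marked packet along the path.
    Returns None if delivered, else the next-hop MTU a router would report."""
    for mtu in hop_mtus:
        if size > mtu:
            return mtu
    return None

def server_transfer(payload, server_mtu, hop_mtus, fw, max_tries=8):
    """Server sends `payload` bytes with DF set and lowers its path-MTU
    estimate only when the ICMP error actually reaches it."""
    pmtu, sent, tries = server_mtu, 0, 0
    while sent < payload and tries < max_tries:
        size = min(pmtu, payload - sent)
        reported = send_df(size, hop_mtus)
        if reported is None:
            sent, tries = sent + size, 0
        elif fw.permits(ICMP_FRAG_NEEDED):
            pmtu = reported      # endpoint learns the smaller MTU and retries
        else:
            tries += 1           # ICMP dropped: same oversized packet is resent
    return {"delivered": sent == payload, "pmtu": pmtu}

# Constructed path: server LAN, a PPPoE-style hop, then a tunnel near the client.
PATH = [1500, 1492, 1400]
BLOCK_ALL = Firewall(frozenset())
ALLOW_PMTUD = Firewall(frozenset({ICMP_FRAG_NEEDED}))

if __name__ == "__main__":
    print("small reply, ICMP blocked:", server_transfer(500, 1500, PATH, BLOCK_ALL))
    print("large reply, ICMP blocked:", server_transfer(6000, 1500, PATH, BLOCK_ALL))
    print("large reply, 3/4 allowed: ", server_transfer(6000, 1500, PATH, ALLOW_PMTUD))
```

Small responses get through either way, which is why the breakage looks intermittent to users; only transfers larger than the smallest hop MTU stall when the ICMP error is filtered.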