Re: reduction of brute force log

[Martijn Lievaart <m () rtij nl>]

Gary E. Miller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yo Bob!
>
> On Tue, 28 Feb 2006, Bob Radvanovsky wrote:
>
>  
>
> > I am going to test these rules out -- this looks REALLy good!  But...I'v
> > e got just ONE question: why on Earth would you permit ICMP???
> >    
>
> No ICMP means no P-MTU.  No P-MTU mean non-working tunnels.
>
> You want to shoot yourself in the foot, tben go ahead and block ICMP.
>  

All icmp messages related to pmtud are just that, RELATED. So they are 
allowed by a previous rule.

M4

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/