micha at neli.hopto.org
Thu Mar 31 10:51:09 CEST 2005
On Wed, 30 Mar 2005 22:18:24 +0200 (CEST)
Michael Van Canneyt <michael at freepascal.org> wrote:
> On Wed, 30 Mar 2005, Micha Nelissen wrote:
> > Yes, any sensible sysadmin ought to know that ICMP fragment error
> > packets (type 3, code 4?) should always be allowed.
> Can you please translate this to plain english ?
ICMP packets are used to designate certain errors in network flow. If you block all ICMP packets then you take away the error reporting capability.
Linux firewall should have something like:
iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
More information about the fpc-devel