[fpc-devel] webserver

Micha Nelissen micha at neli.hopto.org
Thu Mar 31 10:51:09 CEST 2005


On Wed, 30 Mar 2005 22:18:24 +0200 (CEST)
Michael Van Canneyt <michael at freepascal.org> wrote:

> 
> 
> On Wed, 30 Mar 2005, Micha Nelissen wrote:
> 
> > Yes, any sensible sysadmin ought to know that ICMP fragment error
> > packets (type 3, code 4?) should always be allowed.
> 
> Can you please translate this to plain English?

ICMP packets are used to designate certain errors in network flow. If you block all ICMP packets then you take away the error reporting capability.

A Linux firewall should have something like:

iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT

Micha
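
Added example, not part of the original message: a small audit that reads `iptables-save` text and reports what the INPUT chain does with ICMP type 3 code 4, run on a ruleset that drops all ICMP and on the same ruleset with the rule above placed first. The function names and both rulesets are constructed for illustration, and the `3/4` spelling assumes `iptables-save` prints the type numerically.

```shell
#!/bin/sh
# Added example: what does an INPUT chain (iptables-save text on stdin) do with
# ICMP type 3 code 4 (fragmentation-needed)? Assumptions: only -p, --icmp-type
# and -j are interpreted; rules with any other match (-i, -m state, ...) are
# skipped as conditional; user-defined chains are not followed.
frag_needed_verdict() {
    awk '
    BEGIN { policy = "UNKNOWN" }
    $1 == ":INPUT" { policy = $2 }                 # chain policy line
    $1 == "-A" && $2 == "INPUT" && verdict == "" { # first matching rule wins
        proto = ""; type = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { proto = $(i + 1); i++ }
            else if ($i == "--icmp-type") { type = $(i + 1); i++ }
            else if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-m" && $(i + 1) == "icmp") { i++ }
            else { other = 1 }
        }
        if (other || (proto != "" && proto != "icmp")) next
        # type spellings that cover type 3 code 4; an empty type means any ICMP
        covers = (type == "" || type == "3" || type == "3/4" ||
                  type == "destination-unreachable" || type == "fragmentation-needed")
        if (!covers) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") verdict = target
    }
    END {
        if (verdict == "") verdict = policy        # no rule decided: policy applies
        print verdict
        exit (verdict != "ACCEPT")                 # status 0 only when accepted
    }'
}

weak_rules() { cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j DROP
EOF
}

fixed_rules() { cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j DROP
EOF
}

for name in weak_rules fixed_rules; do
    printf '%-12s %s\n' "$name" "$($name | frag_needed_verdict)"
done
```

On a live host the same function can be fed the output of `iptables-save -t filter`.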