Firewall Wizards: Re: ICMP Packets.

Firewall Wizards mailing list archives

Re: ICMP Packets.

From: "Perry E. Metzger" <perry () piermont com>
Date: Tue, 02 Jun 1998 12:14:48 -0400


"Don Kendrick" writes:

In the standard configuration of you, with a perimeter router, connected
point to point with an ISP's router; there's no reason I can think of
other than troubleshooting to allow ICMP packets to enter your
perimeter.


I think stopping ICMP is, in general, a very bad idea. Among other
things, you totally screw up Path MTU discovery, and you make it hard
to trace network problems. The Path MTU breakage is especially bad --
it will, among other things, impact your network performance.

Perry

By Date By Thread

Current thread:

ICMP Packets. Toddb (Jun 01)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 02)
  - Re: ICMP Packets. Bennett Todd (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. tqbf (Jun 02)
  - Re: ICMP Packets. Darren Reed (Jun 03)
- <Possible follow-ups>
- Re: ICMP Packets. Don Kendrick (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 02)
- Re: ICMP Packets. Alec Muffett - SunLabs (Jun 02)
- Re: ICMP Packets. James R Grinter (Jun 02)
  - Re: ICMP Packets. Henry Hertz Hobbit (Jun 03)
- Re: ICMP Packets. Don Kendrick (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 03)
    - Re: ICMP Packets. Bennett Todd (Jun 04)
    - Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets. Don Kendrick (Jun 02)
  - Re: ICMP Packets. Perry E. Metzger (Jun 03)

(Thread continues...)