For those who don't know what Damien and I are on about...<br><br><a href="http://en.wikipedia.org/wiki/Path_MTU_Discovery">http://en.wikipedia.org/wiki/Path_MTU_Discovery</a><br><br>and<br><br><a href="http://www.znep.com/~marcs/mtu/">http://www.znep.com/~marcs/mtu/</a><br>
<br>Explain the issue with blocking all ICMP<br><br>Regards,<br>Grant.<br><br><div class="gmail_quote">On Wed, Jan 5, 2011 at 1:42 PM, Kris Amy <span dir="ltr"><<a href="mailto:kris@amy.id.au">kris@amy.id.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">There is a default deny all in front of that box.<br>
<br>
I will open it up a bit more. I only opened the APRS ports initially<br>
to get it up and running for testing.<br>
<br>
Cheers,<br>
<font color="#888888">K<br>
</font><div><div></div><div class="h5"><br>
On 5 January 2011 12:24, Damien Gardner Jnr <<a href="mailto:rendrag@rendrag.net">rendrag@rendrag.net</a>> wrote:<br>
> Indeedy.<br>
> Though it's been my experience that 99% of 'sys admins' don't know the<br>
> difference between just blocking ICMP as a whole, and blocking only certain<br>
> ICMP packet types.. :\<br>
> --DG<br>
> On 05/01/2011, at 1:22 PM, Grant Diffey wrote:<br>
><br>
> My 2 cents.<br>
><br>
> Blocking ICMP echo is annoying but not disasterous..<br>
><br>
> Blocking all ICMP is incompetence.<br>
><br>
><br>
><br>
> On Wed, Jan 5, 2011 at 1:20 PM, Damien Gardner Jnr <<a href="mailto:rendrag@rendrag.net">rendrag@rendrag.net</a>><br>
> wrote:<br>
>><br>
>> s/sane/incompetent.<br>
>><br>
>><br>
>> On 05/01/2011, at 1:19 PM, Dave Horsfall wrote:<br>
>><br>
>> > On Wed, 5 Jan 2011, Damien Gardner Jnr wrote:<br>
>> ><br>
>> >> You might want to bring it online.. not responding to pings, and<br>
>> >> traceroute stops at pipe qld.. :-p<br>
>> ><br>
>> > No sane sysadmin accepts those from other than trusted sources.<br>
>> ><br>
>> > -- Dave<br>
>> > _______________________________________________<br>
>> > OZAPRS mailing list<br>
>> > <a href="mailto:OZAPRS@aprs.net.au">OZAPRS@aprs.net.au</a><br>
>> > <a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" target="_blank">http://lists.aprs.net.au/mailman/listinfo/ozaprs</a><br>
>><br>
>> _______________________________________________<br>
>> OZAPRS mailing list<br>
>> <a href="mailto:OZAPRS@aprs.net.au">OZAPRS@aprs.net.au</a><br>
>> <a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" target="_blank">http://lists.aprs.net.au/mailman/listinfo/ozaprs</a><br>
><br>
> _______________________________________________<br>
> OZAPRS mailing list<br>
> <a href="mailto:OZAPRS@aprs.net.au">OZAPRS@aprs.net.au</a><br>
> <a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" target="_blank">http://lists.aprs.net.au/mailman/listinfo/ozaprs</a><br>
><br>
><br>
> _______________________________________________<br>
> OZAPRS mailing list<br>
> <a href="mailto:OZAPRS@aprs.net.au">OZAPRS@aprs.net.au</a><br>
> <a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" target="_blank">http://lists.aprs.net.au/mailman/listinfo/ozaprs</a><br>
><br>
><br>
_______________________________________________<br>
OZAPRS mailing list<br>
<a href="mailto:OZAPRS@aprs.net.au">OZAPRS@aprs.net.au</a><br>
<a href="http://lists.aprs.net.au/mailman/listinfo/ozaprs" target="_blank">http://lists.aprs.net.au/mailman/listinfo/ozaprs</a><br>
</div></div></blockquote></div><br>