This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1718178538-1360750060=:71572 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT On Wed, 13 Feb 2013 09:28:00 +0100, Dag-Erling Sm鷨grav wrote: > Ian Smith <[email protected]> writes: > > Dag-Erling Sm鷨grav <[email protected]> writes: > > > Slight correction: dropping *all* ICMP is a bad idea. You can get by > > > with just unreach. Add timex, echoreq and echorep for troubleshooting. > > rc.firewall, phk@? has long recommended 3,4,11 as "essential" icmptypes. > > Are there any negative security implications to including source quench? > > See RFC 6633 (http://tools.ietf.org/html/rfc6633) and the literature it > references, particularly RFC 5927 (http://tools.ietf.org/html/rfc5927). > TL;DR: they were a bad idea to begin with, and nobody implements them > anyway. Fair enough, thanks for the refs, I'm just so out of date .. still chewing on the second and I have a nice fresh icmp-parameters.txt cheers, Ian --0-1718178538-1360750060=:71572 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]" --0-1718178538-1360750060=:71572--