Re: Compare pf with IPTables
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Compare pf with IPTables
- From: Holger Weiss <lists_(_at_)_jhweiss_(_dot_)_de>
- Date: Mon, 6 Jan 2003 02:49:02 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
* MikeM <myraq_(_at_)_mgm51_(_dot_)_com> [2003-01-05 12:17]:
> On 1/5/2003 at 6:00 PM Holger Weiss wrote:
> |* MikeM <myraq_(_at_)_mgm51_(_dot_)_com> [2003-01-05 11:46]:
> |> If inbound ICMP is required by the standards, the sample pf.conf
> |> should indicate as much.
> |
> |pf.conf(5) (on a 3.0 box):
> |
> || # ICMP error messages (which always refer to a TCP/UDP packet) are
> || # handled by the TCP/UDP states
>
> Do those ICMP error messages satisfy the MTU discovery needs
Yes. The ICMP error that you get in the context of PMTU-D[*] refers to
an IP packet you sent (which was too large and had the DF bit set), just
as any other ICMP error message does.
Holger
*) type 3, code 4 (Fragmentation Needed and Don't Fragment was Set)
--
Since it's a commercial UNIX operating system, you'll have to go and add
a ton of software to the already bloated load you have.
------------------------------------------------------------------------
David L. Cantrell Jr. -- "Installing IRIX 6.5.7 on an Indy"
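
The point made in the reply above, as an added example that is not part of the original message and is not pf's code: an ICMP error quotes the IP header and first 8 payload bytes of the packet that triggered it, so a stateful filter can tie a type 3, code 4 message back to an existing TCP/UDP state. The function names, the tuple-based state table and the sample packet are assumptions made for illustration.

```python
import socket
import struct

ERROR_TYPES = {3, 4, 5, 11, 12}   # ICMP types that quote the offending packet

def parse_icmp_error(icmp: bytes):
    """Return (type, code, next_hop_mtu, flow) for an ICMP error, else None.
    flow = (proto, src, sport, dst, dport) of the quoted TCP/UDP packet."""
    if len(icmp) < 8 + 20 + 8:            # ICMP hdr + min IP hdr + 8 payload bytes
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in ERROR_TYPES:
        return None
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    proto = inner[9]
    if proto not in (6, 17):              # only TCP/UDP flows carry ports
        return None
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    # The MTU field is only defined for type 3, code 4 (RFC 1191).
    next_hop_mtu = mtu if (icmp_type, code) == (3, 4) else None
    return icmp_type, code, next_hop_mtu, (proto, src, sport, dst, dport)

def related_to_state(icmp: bytes, states: set) -> bool:
    """True if the quoted packet belongs to a flow we have outbound state for."""
    parsed = parse_icmp_error(icmp)
    return parsed is not None and parsed[3] in states

def build_needfrag(src, sport, dst, dport, mtu):
    """Constructed sample: type 3 code 4 quoting a TCP packet sent with DF set.
    Checksums are left at zero; this sketch does not verify them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, 1)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + tcp8

# Constructed state table: one outbound TCP connection (documentation addresses).
STATES = {(6, "192.0.2.10", 40000, "198.51.100.5", 80)}
```

An ICMP error whose quoted packet matches no entry in the state table is not related to any connection the host opened, and the final block or pass decision for it falls to the ordinary filter rules.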