
Re: Compare pf with IPTables

* MikeM <myraq_(_at_)_mgm51_(_dot_)_com> [2003-01-05 12:17]:
> On 1/5/2003 at 6:00 PM Holger Weiss wrote:
> |* MikeM <myraq_(_at_)_mgm51_(_dot_)_com> [2003-01-05 11:46]:
> |> If inbound ICMP is required by the standards, the sample pf.conf
> |> should indicate as much.
> |
> |pf.conf(5) (on a 3.0 box):
> |
> || # ICMP error messages (which always refer to a TCP/UDP packet) are
> || # handled by the TCP/UDP states
> Do those ICMP error messages satisfy the MTU discovery needs

Yes. The ICMP error that you get in the context of PMTU-D[*] refers to
an IP packet you sent (which was too large and had the DF bit set), just
as any other ICMP error message does.


*) type 3, code 4 (Fragmentation Needed and Don't Fragment was Set)

Since it's a commercial UNIX operating system, you'll have to go and add
a ton of software to the already bloated load you have. 
             David L. Cantrell Jr. -- "Installing IRIX 6.5.7 on an Indy"
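
Added example, not part of the original message and not pf's own code: a simplified model of the point made above, that an ICMP error (including the PMTU-D type 3, code 4 message) quotes the packet you sent, so a stateful filter can match it against an existing TCP/UDP state. The state-table layout, function names and sample addresses are assumptions constructed for illustration.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # ICMP error messages defined in RFC 792

def ipv4_header(src, dst, proto, payload_len, df=True):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left 0)."""
    flags_frag = 0x4000 if df else 0  # DF bit
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0,
                       flags_frag, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def frag_needed(orig_src, sport, orig_dst, dport, mtu):
    """Constructed type 3 / code 4 message quoting a TCP packet we sent."""
    quoted = ipv4_header(orig_src, orig_dst, 6, 1480)
    quoted += struct.pack("!HHI", sport, dport, 0)  # first 8 bytes of TCP
    # type, code, checksum (0 here), unused, next-hop MTU (RFC 1191)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted

def embedded_flow(icmp):
    """Return (proto, src, sport, dst, dport) of the quoted packet, or None."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] not in ICMP_ERROR_TYPES:
        return None
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (inner[9], socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def passes_via_state(icmp, states):
    """True only if the quoted packet belongs to a connection we track."""
    flow = embedded_flow(icmp)
    return flow is not None and flow in states

def next_hop_mtu(icmp):
    """Next-hop MTU from a Fragmentation Needed message, else None."""
    if icmp[:2] != b"\x03\x04":
        return None
    return struct.unpack("!H", icmp[6:8])[0]

# Constructed state table: one outbound TCP connection (proto 6).
STATES = {(6, "192.0.2.10", 40000, "198.51.100.7", 80)}
RELATED = frag_needed("192.0.2.10", 40000, "198.51.100.7", 80, 1400)
UNRELATED = frag_needed("192.0.2.10", 40001, "203.0.113.9", 80, 1400)
ECHO_REQUEST = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"\x00" * 28
```

An ICMP error quoting an untracked flow, and any non-error ICMP such as echo request, is not matched by the state and falls through to the ordinary rules.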