Note that a transparent-proxy (a.k.a. transport-layer) firewall causes
packet reassembly, so it will play the PMTU game separately on each
side. A packet filter (a.k.a. network-layer firewall) must pass the
relevant ICMP packets through.
Does anyone have a good list of ICMP and IGMP packets that
should/should not be safely packet filtered? I presume this will be a
list looking something like:
Type FOO can always be filtered out
Type BAR must never be filtered out
Type QUUX must only be filtered for incoming packets for which
<magic_address> is within the inside network
-hpa
-- PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD 1E DF FE 69 EE 35 BD 74 See http://www.zytor.com/~hpa/ for web page and full PGP public key Always looking for a few good BOsFH. ** Linux - the OS of global cooperation I am Baha'i -- ask me about it or see http://www.bahai.org/