Re: ECN: Clearing the air (fwd)

Andi Kleen (ak@suse.de)
Sun, 28 Jan 2001 15:54:36 +0100


On Sun, Jan 28, 2001 at 01:29:52PM +0000, James Sutherland wrote:
> > The internet is a form of organized chaos, sometimes you gotta make
> > these type of decisions to get things done. Imagine the joy _most_
> > people would get flogging all firewall admins who block all ICMP.
>
> Blocking out ICMP doesn't bother me particularly. I know they should be
> selective, but it doesn't break anything essential.

Ever heard of path MTU discovery? For example you essentially blocked out
most people behind IP tunnels from your site (at least those who do not
do MSS hacks).

In addition to breaking pmtu disc (which is a real showstopper for many setups),
it also has some negative effects on your servers. For example when your
mail server is for some reason trying to contact an unreachable host to
deliver a mail it'll not notice except after having wasted lots of bandwidth
and resources trying to contact the host again and again, even when the ICMP
clearly tells that it won't work.

-Andi (who would join into Miquel's flogging)
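
Added example, not part of the original mail: a toy Python model of the two failures described above, comparing a firewall that drops all ICMP with one that admits ICMP errors. The policy names, the `connect` helper and the sample path are constructed for illustration; real TCP retransmission timing is not modelled.

```python
# Toy model of RFC 1191 path MTU discovery behind an ICMP-filtering firewall.
# All names and the sample path are constructed for this example.

FRAG_NEEDED = (3, 4)     # destination unreachable / fragmentation needed
HOST_UNREACH = (3, 1)    # destination unreachable / host unreachable

def block_all(icmp):
    """Policy from the quoted mail: drop every inbound ICMP message."""
    return False

def selective(icmp):
    """Selective policy: admit ICMP errors (types 3 and 11), drop the rest."""
    return icmp[0] in (3, 11)

def connect(path_mtus, policy, reachable=True, max_tries=6):
    """Send DF-marked packets along path_mtus until one gets through.

    Returns (delivered, packet_size, packets_sent).
    """
    size = path_mtus[0]                    # start at the local link MTU
    for sent in range(1, max_tries + 1):
        if not reachable:                  # a router answers "host unreachable"
            if policy(HOST_UNREACH):
                return (False, size, sent) # sender learns it and gives up
            continue                       # error filtered: blind retry
        narrow = next((m for m in path_mtus if m < size), None)
        if narrow is None:
            return (True, size, sent)      # fits every hop: delivered
        # The hop with MTU `narrow` drops the packet and reports its MTU.
        if policy(FRAG_NEEDED):
            size = narrow                  # sender lowers its path MTU estimate
        # otherwise the report is filtered and the same size is resent
    return (False, size, max_tries)

# Constructed path: Ethernet, an IP tunnel (MTU 1476), Ethernet.
TUNNEL_PATH = [1500, 1476, 1500]

if __name__ == "__main__":
    for name, policy in (("block_all", block_all), ("selective", selective)):
        print(name, "tunnel path:", connect(TUNNEL_PATH, policy))
        print(name, "dead host:  ", connect(TUNNEL_PATH, policy, reachable=False))
```

With `block_all` the sender keeps resending 1500-byte packets that the tunnel hop can never forward, and keeps retrying a host that a router has already reported unreachable; with `selective` it converges on 1476 after one error and abandons the dead host after one packet.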
