zlacker

[parent] [thread] 1 comments
1. apstls+(OP)[view] [source] 2026-01-13 22:03:04
That's why you discard ICMP errors.
replies(1): >>eqvino+MW
2. eqvino+MW[view] [source] 2026-01-14 05:09:16
>>apstls+(OP)
If anything, that's why you discard ICMP port unreachable, which I assume you meant.

If you're blanket dropping all ICMP errors, you're breaking PMTUD. There's a special place reserved in hell for that.

(And if you're firewalling your ICMP, why aren't you firewalling TCP?)

[go to top]