Date: Tue, 12 Feb 2013 10:11:42 -0600 From: Mark Felder <feld@feld.me> To: khatfield@socllc.net, Janne Snabb <snabb@epipe.com> Cc: freebsd-isp@freebsd.org, freebsd-security@freebsd.org, James Howlett <jim.howlett@outlook.com> Subject: Re: FreeBSD DDoS protection Message-ID: <op.wsehxssd34t2sn@tech304.office.supranet.net> In-Reply-To: <51179708.2030206@epipe.com> References: <SNT002-W152BF18F12BD59F112A1CBAE5040@phx.gbl> <321927899.767139.1360461430134@89b1b4b66ec741cb85480c78b68b8dce.nuevasync.com> <51179708.2030206@epipe.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 10 Feb 2013 06:48:08 -0600, Janne Snabb <snabb@epipe.com> wrote: > Please do not drop all ICMP unless you understand what you are doing. By > doing that you are creating a path MTU discovery blackhole. I was coming here to say the exact thing Dropping ICMP is not a security method. Please stop doing this!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.wsehxssd34t2sn>