On Sun, Apr 21, 2013 at 02:41:37PM -0300, Cristian Rodríguez wrote:
El 21/04/13 14:29, Togan Muftuoglu escribió:
On 04/21/2013 05:43 PM, Cristian Rodríguez wrote:
Yes, also the following icmp types must never be blocked, if SUSEfirewall does not implicitely creates rules always allowing them, then it is absolutely retarded and you should not use it.
In SuSEfirewall2 safe_icmp_replies and safe_icmp_replies6 defines what are allowed
- icmp fragmentation-needed
That one is missing
- icmp time-exceeded
It is there
Carlos, maybe better to bugzilla the icmp fragmentation-needed
Huh. if it is *really* not there, then SUSEfirewall will break Path MTU discovery ...(!?!?)
The ICMP related match should take care of it. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org