On 04/21/2013 12:13 PM, James Knott wrote:
Carlos E. R. wrote:
But why does the openSUSE firewall reject that information? I expect that some process in my system is interested in that information. Should I open my firewall for it, and then, how?
I don't know what the situation is with SuSEfirewall, but some people block all ICMP, thinking it will protect them attacks. But in the process they block legitimate ICMP messages which they should be allowing, if they're to use the Internet properly. For example, if you're on the wrong route to a host, a router may generate an ICMP redirect, advising of the proper route. But if all ICMP is blocked, then your computer will not see that and keep trying until it times out.
Yes, also the following icmp types must never be blocked, if SUSEfirewall does not implicitely creates rules always allowing them, then it is absolutely retarded and you should not use it. - icmp fragmentation-needed - icmp time-exceeded -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org