redhat-config-securitylevel vs redhat-config-firewall?

Alan Cox alan at redhat.com
Wed Oct 8 18:43:07 UTC 2003


> My understanding is that RELATED should catch and allow all ICMP error
> messages "related" to current, valid connections. This included ICMP
> "need to fragment" messages.

ICMP messages can arise from midstream routers. In that situation you can't
do useful filtering really. It's a problem for ipsec where the router is
untrusted by the security policy yet to ignore it might lose your
connection.
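
An added example, not part of the original post: a simplified Python model of a RELATED-style lookup for ICMP errors, showing that the match rests on the original header embedded in the ICMP payload and not on the ICMP sender, which is the midstream router. The addresses, the TRACKED table and all function names are constructed for illustration; this is not netfilter's code.

```python
import socket
import struct

# Constructed table of tracked flows: (proto, src, sport, dst, dport).
TRACKED = {(6, "192.0.2.10", 40000, "198.51.100.5", 443)}
ICMP_ERRORS = {3, 11, 12}  # dest unreachable, time exceeded, parameter problem

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def sample_frag_needed(router, sport=40000):
    """Constructed ICMP type 3 code 4 ("need to fragment") sent by `router`."""
    tcp8 = struct.pack("!HHI", sport, 443, 1)  # first 8 bytes of TCP header
    original = ipv4("192.0.2.10", "198.51.100.5", 6, tcp8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + original
    return ipv4(router, "192.0.2.10", 1, icmp)

def classify(packet):
    """Return (state, icmp_sender) the way a RELATED-style lookup would."""
    if len(packet) < 20 or packet[9] != 1:  # not IPv4 carrying ICMP
        return ("INVALID", None)
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        return ("INVALID", None)
    sender = socket.inet_ntoa(packet[12:16])
    inner = packet[ihl + 8:]  # skip the 8-byte ICMP header
    if packet[ihl] not in ICMP_ERRORS or len(inner) < 20:
        return ("INVALID", sender)
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 4:
        return ("INVALID", sender)
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    key = (inner[9], socket.inet_ntoa(inner[12:16]), sport,
           socket.inet_ntoa(inner[16:20]), dport)
    # The lookup uses only the embedded header; `sender` is never consulted,
    # because a midstream router is not an endpoint of the tracked flow.
    return ("RELATED" if key in TRACKED else "INVALID", sender)

if __name__ == "__main__":
    print(classify(sample_frag_needed("203.0.113.1")))
    print(classify(sample_frag_needed("203.0.113.1", sport=40001)))
```

The model matches only the original direction of a flow and skips checksum validation.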




