I noticed redhat-config-securitylevel got the following change, and was wondering about the rationale (bug 104561 seemed to be marked private last time I checked)
* Thu Sep 18 2003 Bill Nottingham notting@redhat.com 1.2.8-1
- allow ICMP in general (#104561)
I was under the impression the previous version which allowed echo and --state RELATED,ESTABLISHED allows all the icmp traffic that is necessary to be a Good Internet Citizen (tm), but obviously there was some case it didn't cover :-)
Pekka Pietikainen (pp@ee.oulu.fi) said:
I noticed redhat-config-securitylevel got the following change, and was wondering about the rationale (bug 104561 seemed to be marked private last time I checked)
- Thu Sep 18 2003 Bill Nottingham notting@redhat.com 1.2.8-1
- allow ICMP in general (#104561)
I was under the impression the previous version which allowed echo and --state RELATED,ESTABLISHED allows all the icmp traffic that is necessary to be a Good Internet Citizen (tm), but obviously there was some case it didn't cover :-)
The bug reprot was about 'need-to-fragment' messages, among others.
Bill
On Wed, 2003-10-01 at 12:01, Bill Nottingham wrote:
Pekka Pietikainen (pp@ee.oulu.fi) said:
I noticed redhat-config-securitylevel got the following change, and was wondering about the rationale (bug 104561 seemed to be marked private last time I checked)
- Thu Sep 18 2003 Bill Nottingham notting@redhat.com 1.2.8-1
- allow ICMP in general (#104561)
I was under the impression the previous version which allowed echo and --state RELATED,ESTABLISHED allows all the icmp traffic that is necessary to be a Good Internet Citizen (tm), but obviously there was some case it didn't cover :-)
The bug reprot was about 'need-to-fragment' messages, among others.
need-to-fragment is the only one that matters, really.
AFAIK "RELATED" matches it. Like I said, I'm going to setup a test topology to verify it with my own eyes. I haven't yet done it yet. Maybe next week.
Dax Kelson Guru Labs
need-to-fragment is the only one that matters, really.
AFAIK "RELATED" matches it. Like I said, I'm going to setup a test topology to verify it with my own eyes. I haven't yet done it yet. Maybe next week.
DNS can get quite upset if port unreach replies are not allowed back in some cases
Is there a on-going development for iwconfig which might concide with pcmcia-cs development for this beta testing? Anyone having any problem with the wireless part of this Severn? I mean is there a reason why RH hadnt updated their pcmcia-cs to 3.2.4 version?