ICMP Packets.

Perry E. Metzger perry@piermont.com
Tue, 02 Jun 1998 12:14:48 -0400


"Don Kendrick" writes:
> In the standard configuration of you, with a perimeter router, connected
> point to point with an ISP's router; there's no reason I can think of
> other than troubleshooting to allow ICMP packets to enter your
> perimeter.

I think stopping ICMP is, in general, a very bad idea. Among other
things, you totally screw up Path MTU discovery, and you make it hard
to trace network problems. The Path MTU breakage is especially bad --
it will, among other things, impact your network performance.

Perry