From: Tom E. <te...@sh...> - 2003-04-01 14:55:29
|
On 1 Apr 2003, Donovan Baarda wrote: > > Is it really that bad? The particular problem I was reporting only > affected the firewall sending icmp time-exceeded packets. > > > Currently shorewall 1.4.1a is unable to do PMTU because of all icmp is > > turned off by default. With not accepting any icmp shorewall has dropped > > to category "borken firewalls" :-(. > > Is this really the case? If so, this is serious enough for me to roll > back to 1.3. > It is not the case -- If you want to pick up a version of the code that has the 1.4.2 fix in it, get: ftp://ftp1.shorewall.net/pub/shorewall/errata/1.4.1/firewall -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ te...@sh... |