Hello Manuel,
Manuel Kasper wrote on 24 October 2004:
>- ICMP type matching for filter rules
Very nice indeed ;-)
On my previous Linux router/gateway I rejected unwanted
TCP with tcp-reset
UDP with icmp-admin-prohibited
ICMP with icmp-admin-prohibited
As stated on firewall_rules.php I can only reject UDP or TCP packets.
Instead of simply dropping e.g. ICMP-redirect, wouldn't it be better
netizen karma, if I correctly said "rejected, admin has prohibited
this"? Please don't feel picked upon for me being a bean-counter ;)
And yes: I know some broken IP-implementations cannot handle RFC
complying "icmp-admin-prohibited", but do we really care about those
broken and standard-defying products?
Kind regards and thanks for the great work with m0n0wall, especially
1.2b2 really got my hypes up.
Another small feedback to 1.2b2 (first release): works like a charm
for 24h non-stop by now (heavy P2P traffic with many, many
connections). 1.1 still tended to choke a bit with many connections,
the improved time-outs and 30.000 state entries really pay off. I
haven't downloaded the second 1.2b2 release, because I'm not affected
by the "dial-on-demand" bug and don't need to save anything in WAN
interfaces.
Frederick