Manuel Kasper schrieb am 24. October 2004:
>- ICMP type matching for filter rules
Very nice indeed ;-)
On my previous Linux router/gateway I rejected unwanted
TCP with tcp-reset
UDP with icmp-admin-prohibited
ICMP with icmp-admin-prohibited
As stated on firewall_rules.php I can only reject UDP or TCP packets.
Instead of simply dropping e.g. ICMP-redirect, wouldn't it be better
netizen karma, if I correctly said "rejected, admin has prohibited
this"? Please don't feel picked upon for me being a bean-counter ;)
And yes: I know some broken IP-implementations cannot handle RFC
complying "icmp-admin-prohibited", but do we really care about those
broken and standard-defying products?
Kind regards and thanks for the great work with m0n0wall, especially
1.2b2 really got my hypes up.
Another small feedback to 1.2b2 (first release): works like a charme
for 24h non-stop by now (heavy P2P traffic with many, many
connections). 1.1 still tended to choke a bit with many connections,
the improved time-outs and 30.000 state entries really pay off. I
haven't downloaded the second 1.2b2 release, because I'm not affected
by the "dial-on-demand" bug and don't need to save anything in WAN