On 5 Jun 2008, at 19:08 , Steven M. Bellovin wrote:
On Thu, 5 Jun 2008 18:30:56 -0700 Dennis Ferguson <dennis.c.ferguson%gmail.com@localhost> wrote:Broadcast-addressed packets should never transit a router which is working properly by default, firewall or not.You're quite correct. Note well, though, that 1122 is *host* requirements, and very deliberately does not discuss *router* requirements.
That's true, but the constraints on sending ICMP errors in section 4.3.2.7 of RFC 1812 are pretty much identical to those of section 3.2.2 in 1122. On the particular, limited topic of when to not send ICMP errors the distinction between hosts and routers doesn't matter much. Dennis Ferguson