Subject: Re: Stupid ICMP and fragmentation tricks
To: Paul DuBois <dubois@primate.wisc.edu>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 09/21/1999 11:26:18
> On Tue, Sep 21, 1999 at 01:35:57AM -0700, M Graff wrote:
> > It seems people who write firewall rules are idiots these days.  Most
> > places recommend blocking "all ICMP" -- which breaks M$'s
> > implementation of Path MTU discovery quite nicely.
> 
> It's a problem to break Microsoft's implementation?

Michael misspoke.

Blocking all ICMPs breaks *all* known Path MTU discovery
implementations, because PMTUD depends on receiving ICMP
unreachable/"fragmentation needed but DF set" errors from the
bottleneck router.

					- Bill
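
Added example, not part of the original message: a small Python simulation of the dependency described above, in which a sender doing Path MTU discovery only lowers its estimate when the bottleneck router's ICMP type 3 code 4 error gets back through the firewall. The policy names, the per-link MTU values and all function names are constructed for illustration; the 8-byte ICMP header layout follows RFC 1191.

```python
import struct

ICMP_UNREACH, NEEDFRAG = 3, 4  # type 3 code 4: "fragmentation needed but DF set"

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length buffer."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_needfrag(next_hop_mtu: int) -> bytes:
    """ICMP header as the bottleneck router sends it (RFC 1191 layout);
    the quoted original IP header that normally follows is omitted here."""
    hdr = struct.pack("!BBHHH", ICMP_UNREACH, NEEDFRAG, 0, 0, next_hop_mtu)
    return struct.pack("!BBHHH", ICMP_UNREACH, NEEDFRAG, checksum(hdr), 0, next_hop_mtu)

def firewall_passes(icmp: bytes, policy: str) -> bool:
    """Hypothetical policies: 'block-all-icmp' or 'allow-needfrag'."""
    icmp_type, code = icmp[0], icmp[1]
    if policy == "block-all-icmp":
        return False
    return (icmp_type, code) == (ICMP_UNREACH, NEEDFRAG)

def discover_pmtu(first_hop_mtu, link_mtus, policy, max_tries=5):
    """Sender side: send DF packets at the current estimate and lower it only
    when a type 3 code 4 error gets back. Returns (pmtu, delivered)."""
    pmtu = first_hop_mtu
    for _ in range(max_tries):
        bottleneck = next((m for m in link_mtus if m < pmtu), None)
        if bottleneck is None:
            return pmtu, True               # packet fit every link
        err = build_needfrag(bottleneck)    # router drops packet, reports MTU
        if not firewall_passes(err, policy):
            continue                        # error filtered: sender learns nothing
        assert checksum(err) == 0           # a valid ICMP message sums to zero
        _, _, _, _, mtu = struct.unpack("!BBHHH", err)
        pmtu = mtu
    return pmtu, False                      # black hole: large packets never arrive

if __name__ == "__main__":
    path = [1500, 1492, 1400, 1500]         # constructed per-link MTUs
    print(discover_pmtu(1500, path, "allow-needfrag"))
    print(discover_pmtu(1500, path, "block-all-icmp"))
```

With the blanket ICMP block the sender stays at its first-hop MTU and every full-size DF packet is dropped at the bottleneck; permitting only type 3 code 4 is enough for the estimate to converge.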