Re: ipfilter, return-icmp and RFC1122

To: tech-net%NetBSD.org@localhost
Subject: Re: ipfilter, return-icmp and RFC1122
From: Dennis Ferguson <dennis.c.ferguson%gmail.com@localhost>
Date: Thu, 5 Jun 2008 20:50:11 -0700


Subnet-specific broadcast addresses are only broadcast addresses on
the subnet with that address.  If they arrive on another interface
you can do anything you would normally do with any packet addressed
to the same subnet, firewall or not, except that by default the
router shouldn't forward the packet onto the subnet where it would be
broadcast.


You mean that the "don't send ICMPs in response to packets sent to
broadcast addresses" actually means "...to packets sent to what on the
incoming interface is a broadcast address"?


Yes, that's a good way to put it.

That treatment applies to more than just sending ICMP errors, actually.
If you have an application which receives packets which might be
sent with a broadcast, you would only recognize packets to a subnet
broadcast address as packets addressed to "you" if they arrived on
an interface on that subnet.

Dennis Ferguson

References:
- Re: ipfilter, return-icmp and RFC1122
  - From: John Nemeth
- Re: ipfilter, return-icmp and RFC1122
  - From: Jim Wise
- Re: ipfilter, return-icmp and RFC1122
  - From: Dennis Ferguson
- Re: ipfilter, return-icmp and RFC1122
  - From: Jim Wise
- Re: ipfilter, return-icmp and RFC1122
  - From: Dennis Ferguson
- Re: ipfilter, return-icmp and RFC1122
  - From: der Mouse

Prev by Date: Re: ipfilter, return-icmp and RFC1122
Next by Date: Re: ipfilter, return-icmp and RFC1122
Previous by Thread: Re: ipfilter, return-icmp and RFC1122
Next by Thread: Re: ipfilter, return-icmp and RFC1122
Indexes:

Home | Main Index | Thread Index | Old Index