|
|
|
|
|
|
by drclau
2426 days ago
|
|
|
Make sure you don’t block ICMP, which is used by Path MTU Discovery [0]. Blocking ICMP may result in black holed connections. I experienced this just like you with websites not working, and with ssh freezing when doing an ll in a directory with a large number of files, or even when starting mc. In my case, an upstream server was blocking ICMP for no good reason (there’s never a good reason to do it permanently, really). [0]: https://en.m.wikipedia.org/wiki/Path_MTU_Discovery |
|
|
Many types of ICMP messages can be very nasty. ICMP and ICMPv6 RFCs actually describe which messages are importatnt and should not be blocked in any networks, which are dangerous and should be restricted, and varieties between.