ICMP does matter!

I swear, some day I'm going to ...

<breathe slowly>

Okay. There are some firewall admins on this planet who'd better not get too close to me. ICMP is not a joke — it's an important diagnostic tool. Consider this:

wouter@country:~/debian/webwml$ cvs up -dP
gluck.debian.org: No route to host
cvs [update aborted]: end of file from server (consult above messages if any)

wouter@country:~/debian/webwml$ ping gluck.debian.org
PING gluck.debian.org (195.25.206.10) 56(84) bytes of data.
64 bytes from gluck.debian.org (195.25.206.10): icmp_seq=1 ttl=43 time=183 ms
64 bytes from gluck.debian.org (195.25.206.10): icmp_seq=1 ttl=43 time=164 ms

--- gluck.debian.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 164.841/174.110/183.380/9.278 ms

See?

Then I remembered that I'd had this before, and that back then, ethereal showed me that the problem was of an entirely different kind:

wouter@country:~/debian/webwml$ CVS_RSH=ssh cvs up -dP
Password:

Right. Read the RFC, you <censored>: if you want to firewall away a port, you don't send an ICMP host unreachable; rather, you send an ICMP port unreachable.

There. Feeling much better now.

Now why do I have rsh installed on my system? Hm.

wouter@country:~/debian/webwml$ sudo apt-get --purge remove rsh-client

Another 123kB saved on my hard disk. As if that would matter...