On Mon, Jun 24, 2024 at 10:18:49AM -0700, Paul Vixie wrote:
> I've blocked UDP in every edge network I've operated since the late 1980s
> because it could be used to facilitate firewall bypass in the style of quic.
> I might not be alone. Quic is something I'll expect my ALG to use, because
> it's a great thing.
I remember ~10 years ago, buying a cheap managed switch that had by default a "DoS protection" enabled that would block any UDP packet larger than 512 bytes... I was instantly hit for using it at home to connect to my NFS server over UDP. Just logging into its interface and unchecking a box was enough to fix it, but I wouldn't be surprised if such absurdities reached end users even on non-managed devices.

At least we should be happy that the protocol fails cleanly in this case and that it can remain enabled in the browser without the user noticing anything. With TCP ECN everyone had to forcefully disable it to fix accesses to sites, so we're making progress on this front.

Willy
