Hi

Different physical media eg ethernet, serial etc. have different MTU's (maximum tranmission unit). If a router receives a packet on one interface and needs to send it out on another interface that has a smaller MTU then the router splits the packet up into fragments and tramsmits them.

However if the DF (Do not Fragment) bit is set in the packet then the router cannot split up the packet and it sends an ICMP packet to the source saying the packet is too big for the physcial media and then discards the original packet.

This is what the above is doing. It is saying allow any packet-too-big ICMP messages to be allowed in. This is quite a common thing because if you block these type of ICMP messages you can get intermittent connectivity issues.

There is also something called PMUTD (Path MTU Discovery). The overhead of fragmentation is quite high so this is an attempt to make sure that the MTU is never too big for a link. So before actual data is sent a packet is sent with the DF bit set. If it gets all the way to destination host then the packet has not had to be frgamented. If a packet-too-big ICMP message comes back then it knows somewhere along the path the MTU is smaller than the original packet size so it then sends out another packet with a smaller MTU until it does not get a packet-too-big ICMP message back.

Hope this makes sense

Jon