Craig White wrote:
On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
Should ICMP packets be allowed both over the
Internet or should it be allowed to pass only in
the local networks?
I have a firewall appliance and trying to make sure
that I am being secured properly.
Some must be permitted, your internet connexions won't work at all or
will work badly if they're blocked.
----
disabling icmp echo requests is a great feature for the ultra-paranoid
but only for them:-)
If icmp echo is blocked, people can't ping you. If I can't ping you, it
makes it harder to test whether I can reach you at all, and I may well
come to the wrong conclusion.
If you and I are related parties (I'm trying to help you, you're trying
to figure why I can't use your website) that can cause problems.
For normal use, I wouldn't block any icmp.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)