Re: Questions about ICMP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Craig White wrote:
On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
Should ICMP packets be allowed both over the
Internet or should it be allowed to pass only in
the local networks?

I have a firewall appliance and trying to make sure
that I am being secured properly.

Some must be permitted, your internet connexions won't work at all or will work badly if they're blocked.


----
disabling icmp echo requests is a great feature for the ultra-paranoid

but only for them:-)

If icmp echo is blocked, people can't ping you. If I can't ping you, it makes it harder to test whether I can reach you at all, and I may well come to the wrong conclusion.

If you and I are related parties (I'm trying to help you, you're trying to figure why I can't use your website) that can cause problems.

For normal use, I wouldn't block any icmp.

--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux