Questions about ICMP
John Summerfield
debian at herakles.homelinux.org
Thu Dec 6 02:01:04 UTC 2007
Craig White wrote:
> On Wed, 2007-12-05 at 15:27 -0800, Daniel B. Thurman wrote:
>> Should ICMP packets be allowed both over the
>> Internet or should it be allowed to pass only in
>> the local networks?
>>
>> I have a firewall appliance and trying to make sure
>> that I am being secured properly.
Some must be permitted, your internet connexions won't work at all or
will work badly if they're blocked.
> ----
> disabling icmp echo requests is a great feature for the ultra-paranoid
but only for them:-)
If icmp echo is blocked, people can't ping you. If I can't ping you, it
makes it harder to test whether I can reach you at all, and I may well
come to the wrong conclusion.
If you and I are related parties (I'm trying to help you, you're trying
to figure why I can't use your website) that can cause problems.
For normal use, I wouldn't block any icmp.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the fedora-list
mailing list