[Shorewall-users] Silently drop ping.

Tom Eastep teastep at shorewall.net
Mon Dec 15 10:01:35 PST 2003

On Monday 15 December 2003 09:55 am, Francesca C. Smith wrote:
> Hello,
> ICMP echo has taken on a whole new irritating life in the days since
> Blaster .. It's not just 8 anymore .. But yes .. I do get your point ..

Actually, you can probably drop all ICMP in a rule and not hurt anything -- 
any ICMP packets that are important are handled via an ACCEPT 
ESTABLISHED,RELATED rule prior to any rules generated by 

As mentioned on the list recently though, I use this rule which I recommend 
placing before any blanket ICMP drop:

ACCEPT	fw	net	icmp

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
