[Shorewall-users] Silently drop ping.
teastep at shorewall.net
Mon Dec 15 10:01:35 PST 2003
On Monday 15 December 2003 09:55 am, Francesca C. Smith wrote:
> ICMP echo has taken on a whole new Irritating life in the days since
> blaster .. It's not just 8 anymore .. But yes .. I do get your point ..
Actually, you can probably drop all ICMP in a rule and not hurt anything --
any ICMP packets that are important are handled via an ACCEPT
ESTABLISHED,RELATED rule prior to any rules generated by
As mentioned on the list recently though, I use this rule which I recommend
placing before any blanket ICMP drop:
ACCEPT fw net icmp
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
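
The ordering described in the message above, as an added example that is not part of the original post and is not Shorewall's code: a simplified first-match model in which connection-tracking state is checked before the rules. The `DROP all all icmp` line is an assumed form of the "blanket ICMP drop", and the packets are constructed samples.

```python
# Simplified model of the evaluation order described in the message.
# Constructed for illustration; not Shorewall's implementation.

RULES_RECOMMENDED = [
    ("ACCEPT", "fw", "net", "icmp"),  # the rule quoted in the message
    ("DROP", "all", "all", "icmp"),   # assumed form of the blanket ICMP drop
]
RULES_DROP_ONLY = [("DROP", "all", "all", "icmp")]


def verdict(packet, rules, default="POLICY"):
    """Return the action for a packet dict (state, src, dst, proto)."""
    # Connection tracking is consulted before any rule from the rules list,
    # so ICMP tied to an existing flow never reaches the blanket DROP.
    if packet["state"] in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    # Packets starting a new flow: the first matching rule wins.
    for action, src, dst, proto in rules:
        if (src in ("all", packet["src"])
                and dst in ("all", packet["dst"])
                and proto == packet["proto"]):
            return action
    return default


# Constructed sample packets.
PING_OUT = {"state": "NEW", "src": "fw", "dst": "net", "proto": "icmp"}
PING_IN = {"state": "NEW", "src": "net", "dst": "fw", "proto": "icmp"}
# Reply to a ping the firewall sent (only exists if PING_OUT was allowed).
ECHO_REPLY = {"state": "ESTABLISHED", "src": "net", "dst": "fw", "proto": "icmp"}
# ICMP error (e.g. fragmentation needed) about an existing TCP connection.
FRAG_NEEDED = {"state": "RELATED", "src": "net", "dst": "fw", "proto": "icmp"}

if __name__ == "__main__":
    samples = [("ping out", PING_OUT), ("ping in", PING_IN),
               ("echo reply", ECHO_REPLY), ("frag needed", FRAG_NEEDED)]
    for name, pkt in samples:
        print(f"{name:12} recommended={verdict(pkt, RULES_RECOMMENDED):6} "
              f"drop-only={verdict(pkt, RULES_DROP_ONLY)}")
```

With the blanket drop alone, the firewall's own outbound pings are dropped as new packets; placing the `ACCEPT` first keeps them working while unsolicited inbound ICMP is still dropped.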