On Monday 15 December 2003 09:55 am, Francesca C. Smith wrote:
> Hello,
> ICMP echo has taken on a whole new Irritating life in the days since
> blaster .. Its not just 8 anymore .. But yes .. I do get your point ..

Actually, you can probably drop all ICMP in a rule and not hurt anything -- 
any ICMP packets that are important are handled via an ACCEPT 
ESTABLISHED,RELATED rule prior to any rules generated by 

As mentioned on the list recently though, I use this rule which I recommend 
placing before any blanket ICMP drop:

ACCEPT	fw	net	icmp

