Glynn Clements wrote:

> Personally I suggest allowing the following ICMP types:
>
>     0   Echo Reply
>     3   Destination Unreachable
>     11  Time Exceeded
>     12  Parameter Problem
>
> and dropping the rest (you must allow ICMP type 3).

Why must type 3 be allowed? Wouldn't it make it harder to do portscans and similar things, if one drops all outgoing "Destination Unreachable" packets?

Regards,
Anders K. Pedersen