Le jeu 01/07/2004 à 11:52, Piszcz, Justin Michael a écrit : > He was talking about pinging from behind his NAT, it has nothing to do > with people pinging him, FYI. I picked the thread at this stage, and for what I understood, your statement about ICMP filtering was far more general than this very situation with some profitable ruleset : > ICMP is "allowed" when you -I INPUT ESTABLISHED,RELATED. > You do not have to allow it explicitly (ie: allow icmp so other > machines can ping your machine). Anyway, even in this kind of situation, NAT handling is one thing, and filtering is another. So, depending on how your filtering rules are implemented, your statement remains wrong. I don't mean to be aggressive upon you, but for what I read from this thread, you made a wrong statement about ICMP filtering, and that's it. Bas faith arguing on some special background context has no relevance. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
