Antony Stone writes: > On Tuesday 13 July 2004 9:57 pm, Real Cucumber wrote: > > > Why should ICMP not be completely blocked? The machine > > is used strictly as a port forwarding firewall/router. > > Because blocking all ICMP will break networking. Look up the RFCs explaining > what ICMP is for if you do not understand this. I would like to second this vigorously, although I would phrase it differently: blocking ICMP makes networks fragile. Fragile networks break easily when anything out of the ordinary happens. -- Dick St.Peters, stpeters@xxxxxxxxxxxxx
