dick, i beg to differ. i must concur strongly with antony. if you cripple icmp, your networks will break...

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Dick St.Peters
Sent: Tuesday, July 13, 2004 2:55 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: SSH Connections Lost After 1 minute idle

Antony Stone writes:
> On Tuesday 13 July 2004 9:57 pm, Real Cucumber wrote:
>
> > Why should ICMP not be completely blocked? The machine
> > is used strictly as a port forwarding firewall/router.
>
> Because blocking all ICMP will break networking. Look up the RFCs explaining
> what ICMP is for if you do not understand this.

I would like to second this vigorously, although I would phrase it
differently: blocking ICMP makes networks fragile. Fragile networks
break easily when anything out of the ordinary happens.

--
Dick St.Peters, stpeters@xxxxxxxxxxxxx