No, that would be wildly wrong. Necessary messages: (never block) 3 Destination Unreachable (block code 4 and break PATH MTU) (other codes are "Nice") Good Messages: (never harmful) 11 Time to live Exceeded Nice messages: (sometimes harmful) 4 Source Quench 8/0 Echo Request/Reply 12 Parameter Problem 13/14 Timestamp Request/Reply 15/16 Information Request/Reply Dangerous (ought to be blocked, unless you know you need it; in that case tightly restricted) 5 Redirect On Fri, 18 Feb 2005, Rudi Starcevic wrote: > Hi, > > I'd like to allow only the essential ICMP message messages. > This is for a very busy web server using about 60MB/per sec. > > I have this list of what I think are the essential ICMP types I should > allow. > Do you think this is correct? > Am I missing anything ? > > ICMP,Type,Code Used By > 0 0 Ping > 3 4 Path-MTU Discovery > 4 0 Source Quench > 8 0 Ping > 11 0 traceroute > > Many thanks. > Regards Rudi > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
