Re: Ok to let all ICMP traffic through firewall?

comp.security.firewalls archive

From: Bob Eager <rde42@spamcop.net>
Date: Sat Sep 24 2005 - 11:35:00 CEST

On Sat, 24 Sep 2005 02:04:37 UTC, Leythos <void@nowhere.lan> wrote:

> In article <176uZD2KcidF-pn2-pu05rwv5JXnr@rikki.tavi.co.uk>, rde42@spamcop.net says...
> >
> > ICMP isn't a service, but part of the underlying protocol stack; a fact
> > which you ignore because you apparently don't know any better.
>
> Sorry to have confused you with other things I block. You said that I
> was breaking things by not allowing ICMP, I said that many security
> types block most things, not just ICMP and also indicated some things I
> block.

By bundling the two together, you indicated a lack of understanding of
the difference...

"Blocking Ping is very common, as is blocking inbound 135~139, 445, FTP,
etc..."

> Nothing in the RFC indicates I have to permit ICMP of any type - please
> show where it's mandated if you want to continue this, oh, and don't
> quote the RFC since I've already read it, years ago, and it's not
> mandated that I permit any ICMP inbound to my network.

As I said before...do what you like...it'll be your problem, not mine.
Oh, and I probably read the RFC long before you, anyway.

-- 
[ 7'ism - a condition by which the sufferer experiences an inability
to give concise answers, express reasoned argument or opinion.
Usually accompanied by silly noises and gestures - incurable, early
euthanasia recommended. ]
Received on Thu Sep 29 20:10:41 2005