Re: Ok to let all ICMP traffic through firewall?
From: Mike Civil (mike_at_duncodin.org)
Date: Sun, 25 Sep 2005 00:11:12 +0000 (UTC)
In article <MPG.firstname.lastname@example.org>,
Leythos <email@example.com> wrote:
>Which does not change the fact that I can limit ICMP to my non-partners
>without impact on our communications.
I'm sorry but I don't think you know what you're talking about. As
you've previously quoted, without apparently understanding it, ICMP is
predominantly a mechanism for reporting an error in IP. If you block it,
and don't (or rarely) have an error at the IP level, then your setup
will work - because there are no errors and ICMP simply isn't
involved. If an error should occur then your blocking of ICMP could
then prevent you from detecting and diagnosing faults, or allowing your
application(s) to handle them.
But it's your setup, and I think we'll just have to agree to differ.
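
The following is an added example, not part of the original post. It decodes an ICMPv4 error to show what a host loses when such messages are filtered: the quoted header that ties the error to one connection and, for "fragmentation needed", the next-hop MTU. The names parse_icmp_error and build_sample, and the sample addresses and ports, are constructed for illustration.

```python
import socket
import struct

# ICMP types that report an IP-level error and quote the offending packet (RFC 792).
ERROR_TYPES = {3: "destination unreachable", 11: "time exceeded", 12: "parameter problem"}

def parse_icmp_error(icmp: bytes):
    """Decode an ICMPv4 error; return None for non-error ICMP such as echo.
    The ICMP checksum is not verified here."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in ERROR_TYPES:
        return None
    inner = icmp[8:]  # quoted IP header + first 8 bytes of its payload
    if len(inner) < 20 or inner[0] >> 4 != 4 or (inner[0] & 0x0F) < 5:
        raise ValueError("no quoted IPv4 header")
    ihl = (inner[0] & 0x0F) * 4
    info = {
        "error": ERROR_TYPES[icmp_type],
        "code": code,
        "proto": inner[9],
        "src": socket.inet_ntoa(inner[12:16]),
        "dst": socket.inet_ntoa(inner[16:20]),
    }
    # TCP (6) and UDP (17) both begin with source and destination port, which
    # is how the stack maps the error back to one socket.
    if inner[9] in (6, 17) and len(inner) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    # Type 3 code 4: fragmentation needed but DF set; carries next-hop MTU (RFC 1191).
    if icmp_type == 3 and code == 4:
        info["next_hop_mtu"] = mtu
    return info

def build_sample() -> bytes:
    """Constructed sample: a router reports that a TCP segment from
    192.0.2.10:49152 to 198.51.100.20:443 exceeds a 1400-byte link."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    tcp = struct.pack("!HHI", 49152, 443, 1)  # ports + sequence number (8 bytes)
    return struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + ip + tcp

if __name__ == "__main__":
    print(parse_icmp_error(build_sample()))
```

If a filter drops this message, the sender never learns the 1400-byte limit and keeps retransmitting full-size segments that cannot be delivered.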