Re: Ok to let all ICMP traffic through firewall?

From: Mike Civil (mike_at_duncodin.org)
Date: 09/25/05

  • Next message: nutso fasst: "Re: How to prevent malware from running on your PC"
    Date: Sun, 25 Sep 2005 00:11:12 +0000 (UTC)
    
    

    In article <MPG.1d9e7f311cb8f5db98a10b@news-server.columbus.rr.com>,
    Leythos <void@nowhere.lan> wrote:
    >Which does not change the fact that I can limit ICMP to my non-partners
    >without impact on our communications.

    I'm sorry but I don't think you know what you're talking about. As
    you've previously quoted, without apparently understanding it, ICMP is
    predominantly a mechanism for reporting an error in IP. If you block it,
    and don't (or rarely) have an error at the IP level, then your setup
    will work - beacause there are no errors and ICMP simply isn't
    involved. If an error should occur then your blocking of ICMP could
    then prevent you from detecting and diagnosing faults, or allowing your
    application(s) to handle them.

    But it's your setup, and I think we'll just have to agree to differ.

    Mike


  • Next message: nutso fasst: "Re: How to prevent malware from running on your PC"