Re: It seems every firewall is slagged as snake oil. So how should it be done?



In message <Uuvul.28396$cu.19613@xxxxxxxxxxxxxxxxxxxxxxxxxx> Lie Ryan
<lie.1296@xxxxxxxxx> was claimed to have wrote:

Ansgar -59cobalt- Wiechers wrote:
- A system that doesn't have any open ports, because it doesn't have any
services listening on the external interface, doesn't need a personal
firewall to protect the system from direct inbound attacks.

A system is always vulnerable to ICMP DOS unless the firewall is
instructed to ignore and ignore ICMP packets.

You do know that ICMP does a heck of a lot more then echo
request/responses, much of which you probably want, at least if you
enjoy reliable connectivity.
.