Mark Felder <[email protected]> writes: > Dropping ICMP is not a security method. Please stop doing this!
Slight correction: dropping *all* ICMP is a bad idea. You can get by with just unreach. Add timex, echoreq and echorep for troubleshooting. For IPv6, you want unreach, toobig, neighbrsol and neighbradv. Add timex, echoreq and echorep for troubleshooting, and routersol and routeradv on networks that use SLAAC. DES -- Dag-Erling Smørgrav - [email protected] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
