* Lars Hansson <[EMAIL PROTECTED]> [2007-04-25 11:20:43]: > Kian Mohageri wrote: > >I could argue either way, but my preference is 'block drop' most of the > >time. > > Hopefully "most of the time" does not include ICMP. >
Yeah, wouldn't want to violate RFC 1122. ICMP is a Good Thing. $ ping machine is a hell of a lot easier than crafting some TCP action to see whether a host is up or not. -- Travers Buda
