Would some kind person please try pinging the addresses 202.12.88.42 or 202.12.88.106 and let me know the results, please?
I need to test the ICMP block on my router from external ping traffic.
Great, another path MTU discovery black hole, another undiagnosable network.
Fellas, how about using rate limiting. Linux has marvellous QoS features, enough to allow a few ICMP ECHOs for fault diagnosis but to deny a ping flood.
> Note that its probably not a good idea to block ICMP source quench > packets.
Nah, block those suckers. Source Quench is deprecated.
The list is
Block
Obsolete
Source Quench
Information Request/Reply
Datagram Conversion
Shouldn't cross network boundary
Address Mask Request/Reply
Redirect
Domain Name
Router Advertisment/Selection
Required for operation (rate limit these to, say, 10% of bandwidth)
Destination Unreachable
Time Exceeded
Security Failure
Parameter Problem
Required for diagnosis (rate limit these to, say, 1% of bandwidth)
Echo Request/Reply
Timestamp Request/ReplyRegards, Glen
-- Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936 Network Engineer Email: [EMAIL PROTECTED] Australian Academic & Research Network www.aarnet.edu.au -- linux.conf.au 2004, Adelaide lca2004.linux.org.au Main conference 14-17 January 2004 Miniconfs from 12 Jan
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
