Maoz wrote:
> on iptables
>
> iptables -A INPUT -p icmp -j DROP
>
Which is just a HORRID idea. If you want to block ping, block ping
requests...
iptables -A INPUT -p icmp --icmp-type 8 -j DROP
...but for the LOVE OF THE INTERNET don't block destination-unreachable,
source quench or time-exceeded messages. (icmp-type 3, 4 and 12
respectively). For your own troubleshooting, allow echo replies
(icmp-type 0) as well.
Chris
Received on Wed Jan 28 2009 - 20:57:17 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 29 2009 - 12:00:02 MST