>>Allow incoming ICMP
>> I would only allow ICMP (pings) from local hosts (or better still no hosts at
> all).
>> Just makes it a little bit harder to detect for script kiddies...
Disagree; ICMP is needed for path mtu discovery and other stuff. Things
can *appear* to work but may fail in interesting ways for a small number
of people if you block it. Realistically, the fact that it's on the
internet (i.e. has a global IPv4 address) means it will be scanned for
vulnerabilities frequently; blocking ICMP won't change that significantly.
Dave
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
