This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1747773286-1360739073=:71572 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT On Wed, 13 Feb 2013 01:52:29 +0100, Dag-Erling Sm鷨grav wrote: > Mark Felder <feld@feld.me> writes: > > Dropping ICMP is not a security method. Please stop doing this! > Slight correction: dropping *all* ICMP is a bad idea. You can get by > with just unreach. Add timex, echoreq and echorep for troubleshooting. rc.firewall, phk@? has long recommended 3,4,11 as "essential" icmptypes. Are there any negative security implications to including source quench? > For IPv6, you want unreach, toobig, neighbrsol and neighbradv. Add > timex, echoreq and echorep for troubleshooting, and routersol and > routeradv on networks that use SLAAC. cheers, Ian --0-1747773286-1360739073=:71572 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --0-1747773286-1360739073=:71572--