
Re: nft newbie



On 12/07/2022 at 22:00, Marco wrote:
On Tue, 12 Jul 2022 21:17:40 +0200,
<tomas@tuxteam.de> wrote:

That looks like a sensible strategy to me.

It isn't at all, completely blocking incoming ICMP is a very stupid
idea.

ICMP is used for control messages, e.g. for Path MTU discovery.
The only ICMP message that can be blocked is echo request or echo
reply, everything else creates problems like nasty timeouts to certain
sites.
You can block incoming echo requests and let all others through.



I did not speak of blocking ICMP, I referred to the ICMP (host not reachable, network not reachable or administratively prohibited) that the firewall itself emits in case of a Reject.
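
An nftables ruleset illustrating both points made in this thread, added here as an example and not posted by any participant: only echo requests are dropped while other ICMP passes, and unmatched traffic is rejected so that the firewall itself emits the ICMP error. The table and chain names and the SSH rule are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset; table and chain names are assumptions.

# Weak variant criticised in the thread (shown as a comment, not loaded):
#   meta l4proto { icmp, ipv6-icmp } drop
# It also discards "fragmentation needed" / "packet too big" messages,
# which breaks Path MTU discovery and causes stalled connections.

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies and ICMP errors belonging to known connections.
        ct state established,related accept
        iif "lo" accept

        # Only echo requests are dropped, as suggested in the thread.
        icmp type echo-request drop
        icmpv6 type echo-request drop

        # Every other ICMP/ICMPv6 control message is let through
        # (unreachable errors, PMTU discovery, IPv6 neighbour discovery).
        meta l4proto { icmp, ipv6-icmp } accept

        # Example service, an assumption for illustration.
        tcp dport 22 accept

        # Everything else is rejected rather than silently dropped: the
        # firewall itself answers with an ICMP "administratively
        # prohibited" error (icmpx picks the IPv4 or IPv6 form).
        reject with icmpx type admin-prohibited
    }
}
```

The ruleset can be syntax-checked without loading it using `nft -c -f <file>`.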

