On Fri, 26 Oct 2001, Nick Thompson wrote:
Heh. I've found the best solution is to neither let ICMP in or out of your network. It works wonders. :)
/nick
Not *all* ICMP is bad you know. For example, I can see prohibiting redirects coming in, but what about going _out_? In the real world, no "blanket acl" is likely to prove both effective *and* useable simultaneously. -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------