I hope you are just blocking ping and *not* ICMP. Blocking ICMP will break a lot of things. It will also break path-MTU discovery.

In all honesty, blocking ping does no good for you. If somebody is ping flooding you, your firewall still has to deal with the packets, which, if it's a lot of pings, will increase the load on your firewall (obviously dependent on your firewall's hardware).

In order to not break network services you should go through and only block the ICMP traffic you don't need. (I'll post a list of such traffic in a while.)

-miah

On Tue, Dec 12, 2000 at 01:36:58PM +0100, Raffael Arthur Marty wrote:
I block all pings to my mail/dns-server at the firewall. Now in my fw-logs I found that every time I get a mail from a certain domain, I have two ping-entries in the logfiles. I found that it is the DNS-Server of the sender which is pinging me.

1. Why does the other DNS-Server ping me? (And send the mail after 2 failed attempts)
2. Should I allow ping to the mail/dns server? What implications would that have?
Thanks
Raffy
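
The difference between dropping only ping and dropping all ICMP, as raised in the reply above, shown as an added example that is not part of the original thread. The allow-list, the function names and the sample packets (documentation addresses, zeroed checksums) are assumptions made for illustration, not the list the reply promises.

```python
import struct

ECHO_REQUEST, DEST_UNREACH, FRAG_NEEDED = 8, 3, 4
# Assumed allow-list for illustration: echo reply, destination unreachable,
# time exceeded, parameter problem.
NEEDED_TYPES = {0, 3, 11, 12}

def build_packet(icmp_type, code, mtu=0):
    """Constructed sample: minimal IPv4 + ICMP header (checksums left zero)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, src, dst)
    return ip + struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu)

def parse_icmp(packet):
    """Return (type, code, next_hop_mtu) from a raw IPv4 packet carrying ICMP."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if packet[9] != 1:                        # IP protocol 1 = ICMP
        raise ValueError("not an ICMP packet")
    icmp_type, code, _csum, _unused, mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    # Only "fragmentation needed" (type 3, code 4) carries a next-hop MTU.
    if (icmp_type, code) != (DEST_UNREACH, FRAG_NEEDED):
        mtu = None
    return icmp_type, code, mtu

def block_all_icmp(packet):
    """Blanket policy: every ICMP packet is dropped."""
    parse_icmp(packet)
    return "drop"

def block_ping_only(packet):
    """Selective policy: drop echo requests, keep the assumed needed types."""
    icmp_type, _code, _mtu = parse_icmp(packet)
    if icmp_type == ECHO_REQUEST:
        return "drop"
    return "accept" if icmp_type in NEEDED_TYPES else "drop"

if __name__ == "__main__":
    samples = {"ping": build_packet(8, 0),
               "frag-needed (PMTUD)": build_packet(3, 4, mtu=1400),
               "time-exceeded": build_packet(11, 0)}
    for name, pkt in samples.items():
        print(f"{name:22} parsed={parse_icmp(pkt)} "
              f"block-all={block_all_icmp(pkt)} ping-only={block_ping_only(pkt)}")
```

Under the blanket policy the "fragmentation needed" message, and the next-hop MTU it carries, never reaches the host, which is how path-MTU discovery breaks.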