On Wed, 3 Oct 2001, Kevin Kaminski wrote:

> What is a safe ICMP configuration in the real world that will not
> affect client connectivity? Or maybe I should leave it more open as to
> what is your policy on ICMP with Win2K and why?

I don't use Windows for ICMP filtering (and hence don't know the type
numbering used by Microsoft), but I typically allow only

  ECHOREPLY
  ECHO
  TIME_EXCEEDED

on inbound connections unrelated to any established outbound
connections. I haven't experienced any troubles with that configuration.

-- Paul Heinlein <heinleinmeasurecast.com>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]