[CentOS] Ping and traceroute...

[John Doe]

> However do you have the luxury of having your members coming from a block of IPs

World wide website... so it is either everything or nothing...



> Blocking ping has always been a pet peeve of mine. Aside from violating RFC-1122 
> (3.2.2.6 Echo Request/Reply: RFC-792 Every host MUST implement an ICMP Echo 
> server function that receives Echo Requests and sends corresponding Echo 
> Replies.) 
> 
> It provides *no* additional security & makes troubleshooting network issues that 
> much more difficult.

So I guess I will look into adding these rules into shorewall.

Thx for all the answers,
JD