> However do you have the luxury of having your members coming from a block of IPs World wide website... so it is either everything or nothing... > Blocking ping has always been a pet peeve of mine. Aside from violating RFC-1122 > (3.2.2.6 Echo Request/Reply: RFC-792 Every host MUST implement an ICMP Echo > server function that receives Echo Requests and sends corresponding Echo > Replies.) > > It provides *no* additional security & makes troubleshooting network issues that > much more difficult. So I guess I will look into adding these rules into shorewall. Thx for all the answers, JD