On Thu, 2016-02-25 at 07:19 +0000, James Hogarth wrote: > Well if you really want to call it a problem... Blocking ICMP via a host > based firewall remains pretty silly. On all servers I used IPtables to block (DROP) all incoming ICMPs except:- type 0 state RELATED,ESTABLISHED type 3 state RELATED,ESTABLISHED type 8 state NEW,RELATED,ESTABLISHED type 11 state RELATED,ESTABLISHED All outgoing ICMPs are blocked except for:- type 0 state RELATED,ESTABLISHED type 8 state NEW,RELATED,ESTABLISHED Am I silly too ;-) -- Regards, Paul. England, EU. England's place is in the European Union.