<snip> What do you think is dangeous about allowing ping/traceroute?
Neither are be used to establish a service which could be exploited, so why so you care about denying ping / traceroute? <snip> Exactly, I'm going about the firewall as deny everything, then just let through what I know I want to come through. However, in this process it blocks ping by default. I'm trying to figure out what is needed to specifically turn these back on. Sebastiaan's ideas worked fine for ping, but traceroute still doesn't work. Regards, Wm