On Mon, 16 Jul 2001, Joey Hess wrote: > As an only marginally related question, does anyone know of a good way > to configure a linux system to refuse all connections to any system that > is brokenly not responding to ICMP packets?
Hmm... very, very nice idea. I suppose a modified version of the syncookies support, which instead of syncooking, requires a ping reply (sent upon ACKing the SYN packet) with the cookie to establish the connection would do it. Of course, anyone using this and not enforcing ECN is not making any sense ;) -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
