In article <[EMAIL PROTECTED]>, John Patton <[EMAIL PROTECTED]> wrote: >You could further limit your rules by specifying the source >address of you cable modem provider, something like: > > -A INPUT -p icmp -s provider.cable.net -j ACCEPT > >Just figure out from your logs what ip address(es) they use >for their pings, and then they will be able to ping you as >they please, but nobody else will be able to.
Just as so long you are not blocking ICMP_DEST_UNREACH (code 3) since esp. ICMP_FRAG_NEEDED (subcode 4) is essential for the functioning of the internet at large and there are enough idiots already who block all ICMP at their routers/firewalls. See http://www.worldgate.com/~marcs/mtu/ Mike. -- "dselect has a user interface which scares small children" -- Theodore Tso, on debian-devel
