* Chad M Stewart <[EMAIL PROTECTED]> [2007-04-25 19:31]: > On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote: > >pass in inet proto icmp all icmp-type $icmp_types keep state > > This can be used as a covert communication channel. Allowing > internal IPs to send/receive ping is bad.
that is the biggest bullshit i have read on this list in some time. if you deny icmp, you shall burn in hell -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
