On 12/04/2011 01:04 AM, Ian Smith wrote:
<SNIP>
> > For one, google 'icmp redirect attack'

But isn't that handled by setting:

net.inet.icmp.drop_redirect=1

> # This is the ICMP rule we generally use:
> # ipfw add 10 allow icmp from any to any in icmptypes 0,3,4,11,12,14,16,18

Hmmm.... I just tried this and it seems to break ping...