I use pf and I only allow echoreq and unreach.
I have traffic that I don't care for and I am consider shutting down icmp.
What is your policy? I will lose ping but that is not essential and I can enable it when needed.
Code:
icmp_types="{echoreq,unreach}"
pass log inet proto icmp all icmp-type $icmp_types
I have traffic that I don't care for and I am consider shutting down icmp.
What is your policy? I will lose ping but that is not essential and I can enable it when needed.