I don't fully understand ICMP. Some Internet servers, as I've read, can function perfectly with ICMP completely blocked, but I don't necessarily want to block them all in my firewall.
Which ICMP types can be completely blocked (from any direction) to mitigate portscans?
Would blocking all ICMP (IPv4) types except echoreq (ping, if needed for testing) and unreach restrict other typically needed protocols, like those for email and browsing?
icmp(4) is helpful in that it lists ICMP types.
This is not a firewall-specific question; I'm using PF, but this is also for IPFW or other firewalls.