[kstrauser]

That kind of cargo culted tradition is how you end up with weird packet loss and VPNs that flat-out refuse to work.

I could be convinced to block inbound pings. Anything past that and I'd want solid evidence that it wouldn't break anything, with the expectation that it would.

[tolciho]

address-mask-request and redirect and timestamp-request for IPv4 might be problematic to allow inbound from who knows where. echo-request might well be rate limited so remote hosts can ping certain servers (but not random client host IPs), but not too many pings per second.