|
|
|
|
|
|
by silverwind
4184 days ago
|
|
|
Blocking ICMP is a questionable practice in my opinion. It generally just complicates troubleshooting for a marginable gain in "security" and some applications even require it for PMTU discovery. If you're really worried about user tunneling out through various tricks, you'd probably have to block the whole internet and apply a whitelist of trusted destination hosts. As a heavy ping user, this blockage always bothered me, so I started working on a similar tool to get around this: https://github.com/silverwind/tcpie |
|
|