Why block outbound ICMP?

security firewall icmp

Blocking ICMP outbound and ALL other connections from your environment is a good start for building your firewall/security policy.

But there are a lot of things that you should know before hand and take into account. A good example is when blocking all ICMP packets while allowing some other protocols such as tcp port 80 (http) could lead to problems with MTU/PMTU. If you have a network connection that uses an encapsulation such as pppoe, GRE, or one of the many others you WILL run into a large number of hard to identify MTU issues.

Good area to start reading is:

  • Path MTU Discovery and Filtering ICMP
  • ICMP STANDS FOR TROUBLE

Security is frequently thought about in a "blacklist everything, whitelist whats needed" context, aft to a tinfoil hat level of limiting outbound connections until someone complains. While its easy to ask "why block" .. a security expert will ask "why do you need" ... This is why a corporate network is very restrictive (blacklist first) vs a standard home network (whitelist everything outgoing).

A machine on your network running on a botnet providing bandwidth for ICMP PING saturation of a host is one realistic scenario.

Related

Ubuntu Server: Don't see my input in terminal
nginx subdomain rewrite
find only files in directory with permissions not set to 644 on linux
"account currently disabled" when accessing share, even before logging in
Where is the central ZFS website now?
After reboot debian box ignore sysctl.conf values
Do I have to update my snakeoil certificate after updating openssl (heartbleed)?
Remove symlink with Ansible
Noisy server rooms
Why would I use Windows Server over Linux? [closed]
Software approval processes in large organizations
Configuring SQL for optimal performance... SSD or HDD?