Why block outbound ICMP?

Blocking ICMP outbound and ALL other connections from your environment is a good start for building your firewall/security policy.

But there are a lot of things that you should know beforehand and take into account. A good example: blocking all ICMP packets while allowing some other protocols such as TCP port 80 (HTTP) could lead to problems with MTU/PMTU. If you have a network connection that uses an encapsulation such as PPPoE, GRE, or one of the many others, you WILL run into a large number of hard-to-identify MTU issues.

A good area to start reading is:

  • Path MTU Discovery and Filtering ICMP
  • ICMP STANDS FOR TROUBLE

Security is frequently thought about in a "blacklist everything, whitelist what's needed" context, often to a tinfoil-hat level of limiting outbound connections until someone complains. While it's easy to ask "why block?", a security expert will ask "why do you need?". This is why a corporate network is very restrictive (blacklist first) vs. a standard home network (whitelist everything outgoing).

A machine on your network running in a botnet, providing bandwidth for ICMP ping saturation of a host, is one realistic scenario.
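To make the PMTUD failure mode described in the answer above concrete, here is an added simulation. It is not part of the original answer and not code from any firewall project; it is a constructed model. The assumptions are: the local environment sits behind a PPPoE link (MTU 1492, i.e. 1500 minus the 8-byte PPPoE header), the local edge router drops oversized DF packets and generates ICMP type 3 code 4 ("fragmentation needed") toward the remote server, that ICMP error has to pass the environment's outbound firewall policy, and the remote server behaves per RFC 1191 (it only shrinks its segments after receiving such an error). The policy functions `block_all_icmp` and `allow_pmtud_icmp`, the `transfer` simulator and the message sizes are all hypothetical names and values chosen for the example.

```python
"""PMTUD through a PPPoE link (MTU 1492) behind an outbound ICMP filter.

Constructed simulation (not real traffic): a remote HTTP server sends a
response with DF set.  Segments larger than the PPPoE MTU are dropped by the
local edge router, which replies with ICMP type 3 code 4 (fragmentation
needed).  Whether that ICMP message is allowed OUT of the local environment
decides whether the server learns the smaller path MTU or keeps retransmitting
into a black hole while the HTTP download stalls.
"""
from dataclasses import dataclass, field

ETHERNET_MTU = 1500
PPPOE_MTU = 1492           # assumed link: 1500 minus the 8-byte PPPoE header
IP_TCP_HEADERS = 40        # 20-byte IPv4 header + 20-byte TCP header, no options
ICMP_FRAG_NEEDED = (3, 4)  # destination unreachable / fragmentation needed
ICMP_ECHO_REQUEST = (8, 0)


@dataclass
class IcmpMessage:
    type_code: tuple       # (type, code)
    next_hop_mtu: int = 0  # only meaningful for fragmentation needed


# Two outbound ICMP policies, standing in for the edge firewall's rules.
def block_all_icmp(msg: IcmpMessage) -> bool:
    """The 'block ICMP outbound' policy from the answer: nothing leaves."""
    return False


def allow_pmtud_icmp(msg: IcmpMessage) -> bool:
    """Let only fragmentation-needed errors out; echo requests stay blocked,
    so a botnet ping flood from inside is still stopped."""
    return msg.type_code == ICMP_FRAG_NEEDED


@dataclass
class TransferResult:
    completed: bool
    delivered: int        # payload bytes that reached the client
    segments_sent: int    # transmissions attempted by the server
    final_mss: int        # MSS the server ended up using
    log: list = field(default_factory=list)


def transfer(payload_bytes: int, outbound_icmp_policy,
             max_segments: int = 10) -> TransferResult:
    """Simulate the remote server pushing payload_bytes to a client behind
    the PPPoE link.  The server starts from its own Ethernet MTU (1500) and,
    per RFC 1191, lowers the path MTU only when an ICMP 3/4 arrives."""
    path_mtu = ETHERNET_MTU
    delivered = 0
    sent = 0
    log = []
    while sent < max_segments and delivered < payload_bytes:
        mss = path_mtu - IP_TCP_HEADERS
        packet_size = min(payload_bytes - delivered, mss) + IP_TCP_HEADERS
        sent += 1
        if packet_size > PPPOE_MTU:
            # DF is set, so the edge router drops the packet and emits ICMP 3/4
            # addressed to the server; it must cross the outbound policy.
            err = IcmpMessage(ICMP_FRAG_NEEDED, next_hop_mtu=PPPOE_MTU)
            if outbound_icmp_policy(err):
                path_mtu = err.next_hop_mtu
                log.append(f"segment {sent}: {packet_size}B dropped at PPPoE, "
                           f"ICMP 3/4 delivered, server path MTU -> {path_mtu}")
            else:
                log.append(f"segment {sent}: {packet_size}B dropped at PPPoE, "
                           f"ICMP 3/4 blocked by firewall (black hole, retransmit)")
            continue
        delivered += packet_size - IP_TCP_HEADERS
        log.append(f"segment {sent}: {packet_size}B delivered "
                   f"({delivered}/{payload_bytes})")
    return TransferResult(delivered >= payload_bytes, delivered, sent,
                          path_mtu - IP_TCP_HEADERS, log)


if __name__ == "__main__":
    for name, policy in (("block all outbound ICMP", block_all_icmp),
                         ("allow ICMP 3/4 outbound", allow_pmtud_icmp)):
        res = transfer(4000, policy)
        print(f"--- {name}: completed={res.completed}, delivered={res.delivered}, "
              f"segments={res.segments_sent}, final MSS={res.final_mss}")
        for line in res.log:
            print("  " + line)
    print("echo request allowed out under PMTUD policy:",
          allow_pmtud_icmp(IcmpMessage(ICMP_ECHO_REQUEST)))
```

With the blanket block, the server never gets past its first 1500-byte segment: every retransmission is dropped at the PPPoE link and the error that would tell it why never leaves your network, which is exactly the "allowed TCP 80 but the page hangs" symptom. With only type 3 code 4 let out, the server drops to a 1452-byte MSS after one round trip and the transfer completes. On a real Linux edge the corresponding rules are `ct state related accept` (conntrack marks ICMP errors as related to the tracked TCP flow) or, more narrowly, `icmp type destination-unreachable icmp code frag-needed accept` plus `icmpv6 type packet-too-big accept` in nftables, while echo requests remain blocked.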