Firewall setup for 3.0 (PMTUD/ICMP)?

[rafi]

Is it possible to configure a firewall to allow ICMP PER application ? As I see in my firewall- it is a global setting for the whole system, no way to define one application for it . So if you want to still block ping requests to your PC, and allow ICMP for uT - is it possible at all to do that ?

[Firon]

No. ICMP is system-wide. And there's no good reason to disallow pings.

[rafi]

Anonimity ? Protect against scanners ? What exect ICMP type/hole needs to be defined ?

Maybe you should test it also in the setup "guide" in uT, and even on startup.

[paintball9]

If you're behind a router using NAT, then the request won't reach you anyways. But outgoing will still work. The ping request will go directly to the router. If you want to block ping requests from reaching your system individually (if they're port scanning). Seeing as ICMP isn't restricted to any specific port, it's really hard to block with normal rules.

The only good reason I can think of for not wanting your system to respond to ping requests would be as an anti-ddos system. But for the most part your router will protect you. (unless they target the specific port you're forwarded through.

[rafi]

That's why you choose sometimes to block it in the router itself (most routers provide that too).

Anyway , Firewalls CAN define the ICMP type, that's why I asked . uT devs should specify exactly what is needed for PMTUD to work, plus test for it if they want that people will use it.

http://a.imageshack.us/img191/9337/63979642.png