Re: RE: Fw rule set question

[dave.long () freenet co uk]

The point is that these ICMP messages will not elicit replies, so cannot be used to 'enumerate' networks. They could 
potentially be spoofed to create some sort of DoS attack, but the difficulties involved make it an unlikely method to 
use.

If you're going to allow any ICMP from the Internet, these are the messages you'd want (plus, maybe, Echo Reply).

Dave