Blocking icmp_echo_request does not automatically mean that they
also block icmp_packet_too_big.
At my former employer we blocked most types of inbound ICMP, but
not icmp_packet_too_big, icmp_echo_reply,
icmp_port/net/host_unreachable, and a bunch of others.
Unfortunately this confuses people that think that you have to
be able to ping a host in order for you to reach the host in
other ways such as tcp to port 80 or udp to port 53, etc.
--Eric
-- Eric Wieling <eric@fnords.org> BTEL Consulting Services- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/