27Mar
Is it safe to allow all types of ICMP on the end-point stations on a local network? [closed]
I have several Linux Mint 21.3 PCs. Is it safe to allow all types of ICMP on these end-point stations on my local home network?
My IPv4 iptables:
$ sudo iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere /* Allow loopback */
2 DROP all -- anywhere anywhere ctstate INVALID /* Drop invalid packets */
3 REJECT tcp -- anywhere anywhere ctstate NEW tcp flags:!FIN,SYN,RST,ACK/SYN /* Reject new non-syn TCP */ reject-with tcp-reset
4 ACCEPT tcp -- 192.168.0.0/24 anywhere ctstate NEW,ESTABLISHED tcp dpt:ssh /* Allow local SSH on default port */
5 ACCEPT icmp -- anywhere anywhere limit: avg 100/sec burst 500 /* Allow and limit ICMP */
6 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED /* Traffic */
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
