ICMP question and application question



prarie
08-14-2005, 08:42 PM
Firewall Rulesets
Doing more reading and some sources suggest only allowing ICMP (0 - Echo reply, 3 - destination unreachable, 11 - time exceeded) incoming and ICMP 8 outgoing and denying everything else for ICMP. What are your thoughts on this? Any chance of making a rule that sends ICMP 3 out to every scan?

Is it also better to set up individual rules with specific ports, I.E. Firefox needs port 80 for http and 443 for https. Eudora needs 25, 110 and 143 rather than allowing general use rules that are created via loopback?
thanks.

networkguy
08-14-2005, 10:21 PM
I don't see the point in allowing incoming ICMP, unless you want hackers to know you are reachable, or are simply trying to send garbage info back to them, why bother at all?

As for individual rules, I always prefer to set them up, that way I know what is configured. You start by denying everything, then only let what you have to. Some firewalls have an ANY ---> out rule, but I don't like those and prefer to only let out what is explicitly required.

NG

prarie
08-14-2005, 11:25 PM
So do you have a specific ICMP deny rule at the top of the list, or just a block anything rule at the end so anything not covered is blocked? I wasn't sure if you had to allow ICMP or not.

Thanks.

networkguy
08-15-2005, 12:54 AM
There is no reason to allow incoming ICMP at all. You have a block anything rule at the end that covers everything that is not explicitly already permitted.

NG
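As an added example (not code from this thread or from any firewall product), the following Python models the ruleset proposed in the first post (ICMP types 0, 3 and 11 in, type 8 out, per-application TCP ports out) with a catch-all deny as the last rule, as networkguy describes. It uses first-match semantics and also shows what happens if the deny rule is placed at the top of the list instead of the end; the `Rule` fields and packet dictionaries are assumptions for illustration, not any real firewall's syntax.

```python
# Added example: first-match firewall rule evaluator for the ICMP policy
# discussed in the thread. Rule fields and packet layout are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    direction: Optional[str]    # "in", "out", or None for any direction
    proto: Optional[str]        # "icmp", "tcp", or None for any protocol
    icmp_type: Optional[int] = None   # ICMP type to match (None = any)
    dport: Optional[int] = None       # TCP destination port (None = any)

    def matches(self, pkt: dict) -> bool:
        # A field set to None on the rule is a wildcard; otherwise it must
        # equal the packet's value (a missing packet field never matches).
        return all([
            self.direction in (None, pkt["direction"]),
            self.proto in (None, pkt["proto"]),
            self.icmp_type in (None, pkt.get("icmp_type")),
            self.dport in (None, pkt.get("dport")),
        ])


# Ruleset from the thread: the explicit allows, then "block anything" last.
RULESET = [
    Rule("allow", "in",  "icmp", icmp_type=0),    # echo reply
    Rule("allow", "in",  "icmp", icmp_type=3),    # destination unreachable
    Rule("allow", "in",  "icmp", icmp_type=11),   # time exceeded
    Rule("allow", "out", "icmp", icmp_type=8),    # our own echo requests
    Rule("allow", "out", "tcp",  dport=80),       # browser, http
    Rule("allow", "out", "tcp",  dport=443),      # browser, https
    Rule("allow", "out", "tcp",  dport=25),       # mail client, SMTP
    Rule("allow", "out", "tcp",  dport=110),      # mail client, POP3
    Rule("allow", "out", "tcp",  dport=143),      # mail client, IMAP
    Rule("deny",  None,  None),                   # catch-all: block the rest
]


def evaluate(pkt: dict, ruleset=RULESET) -> str:
    """Return the action of the first rule that matches the packet."""
    for rule in ruleset:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit default if no catch-all rule is present


# Same rules with the deny moved to the top: it matches first, so nothing
# below it is ever reached and every packet is blocked.
DENY_FIRST = [RULESET[-1]] + RULESET[:-1]
```

Inbound echo requests (type 8) and any unlisted port fall through to the final deny, while with `DENY_FIRST` even the explicitly allowed traffic is blocked, which is why the catch-all belongs at the end.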