InteractiveBastille example screen


Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded] Specify the ICMP allowed types.  The default suggestion allows you to probe other hosts with ping and traceroute. Minimally you will need to allow " destination-unreachable".

"destination-unreachable" lets other machines' servers tell your system when things aren't right; don't disable this unless you really know what you're getting into. If you don't allow "echo-reply" and "time-exceeded", you won't be able to use ping and traceroute to debug issues on the "public" networks.


ICMP allowed types: [destination-unreachable echo-reply time-exceeded]