I have a question about the ‘Network Security Policy’ → ‘Global Rules’ settings. I prefer a tight configuration and have so far made the following global rules:
1: Allow In/Out ICMP fragmentation-needed (Type 3, Code 4)
2: Allow In/Out ICMP Time-exceeded (Type 11, Code 0)
3: Allow In ICMP echo-reply (Type 0, Code 0)
4: Block In/Out ICMP Any
Should I add a final rule ‘Block IP In/Out, From Any To Any, Protocol Any’ like there was in CFP 2.4, or is traffic that is not specifically allowed automatically dropped?
Is the amount of firewall logging automatically limited in case of flooding (a DoS attack)?
Would it make sense to add the rule ‘Allow Out ICMP echo-request (Type 8, Code 0)’ between 192.168.x.x (my router) and 192.168.x.x (my computer) on the LAN? Or would this only be useful if I also allowed traffic from the first known hop of my ISP router?