Can anybody explain the default choice for ICMP protocol? By default, the firewall allows only “fragmentation needed” and “time exceeded” in, and “echo request” out messages. Why are other messages not allowed? For example, the “host unreachable” message at first glance does not seem more harmful than those three.

Also, what is GRE protocol?

These two threads helped me in a big way:

Thx for these links. However, it seems that they say nothing about ICMP :(

This might help explain some of your questions: Internet Control Message Protocol - Wikipedia

“Fragmentation needed” and “Time exceeded” are two commonly-returned ICMP error messages. Some systems may function more smoothly if those error messages are allowed back in from the remote source. It also helps prevent the logs from being filled with such messages (can be prevented by some custom rules, but that’s a different issue).

“Echo Request” is an Outgoing ICMP message used in the performance of functions like Ping, TraceRoute, etc. These are commonly used in network administration and various other ways as well.

These rules are included in the defaults as ones that are commonplace and convenient to have for the majority of users. If you do not think you need them (I never have personally), you may safely remove them. AFAIK, ICMP is not recognized as a viable threat.

GRE stands for Generic Routing Encapsulation. It is a protocol commonly used on networks by routers, and sometimes perhaps servers. Again, it’s not something that I have ever needed to have.
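To make the three default rules concrete, here is an added example (not code from the thread or from any firewall product) that parses an ICMP header, verifies its checksum, and applies the described policy: inbound allows only type 3 code 4 (fragmentation needed) and type 11 (time exceeded), outbound allows only type 8 (echo request), and everything else, including the “host unreachable” message asked about, is denied. The policy table, the `decide` function and the sample messages are all constructed for illustration.

```python
import struct

# Constructed policy table mirroring the defaults described in the thread.
# Each entry is (ICMP type, code); a code of None matches any code.
ICMP_DEST_UNREACH = 3
ICMP_FRAG_NEEDED_CODE = 4
ICMP_HOST_UNREACH_CODE = 1
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11

ALLOW_IN = {(ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED_CODE), (ICMP_TIME_EXCEEDED, None)}
ALLOW_OUT = {(ICMP_ECHO_REQUEST, None)}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole ICMP message.
    Returns 0 when run over a message whose checksum field is already valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_icmp(msg: bytes) -> dict:
    """Parse the 8-byte ICMP header (type, code, checksum, rest-of-header).
    Raises ValueError on a truncated message or a bad checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _cksum, rest = struct.unpack("!BBHI", msg[:8])
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    info = {"type": icmp_type, "code": code, "payload": msg[8:]}
    # For "fragmentation needed" the low 16 bits of the rest-of-header field
    # carry the next-hop MTU that Path MTU Discovery relies on.
    if icmp_type == ICMP_DEST_UNREACH and code == ICMP_FRAG_NEEDED_CODE:
        info["next_hop_mtu"] = rest & 0xFFFF
    return info


def build_icmp(icmp_type: int, code: int, rest: int = 0, payload: bytes = b"") -> bytes:
    """Build a well-formed ICMP message with a correct checksum (test input only)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, rest)
    cksum = icmp_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, cksum, rest) + payload


def decide(direction: str, msg: bytes) -> str:
    """Return 'allow' or 'deny' for an ICMP message travelling 'in' or 'out',
    following the constructed default policy above. Malformed input is denied."""
    try:
        info = parse_icmp(msg)
    except ValueError:
        return "deny"
    table = ALLOW_IN if direction == "in" else ALLOW_OUT
    for allowed_type, allowed_code in table:
        if info["type"] == allowed_type and (allowed_code is None or info["code"] == allowed_code):
            return "allow"
    return "deny"


if __name__ == "__main__":
    samples = {
        "frag needed in": ("in", build_icmp(ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED_CODE, rest=1500)),
        "host unreachable in": ("in", build_icmp(ICMP_DEST_UNREACH, ICMP_HOST_UNREACH_CODE)),
        "time exceeded in": ("in", build_icmp(ICMP_TIME_EXCEEDED, 0)),
        "echo request out": ("out", build_icmp(ICMP_ECHO_REQUEST, 0, payload=b"ping")),
        "echo request in": ("in", build_icmp(ICMP_ECHO_REQUEST, 0, payload=b"ping")),
    }
    for name, (direction, msg) in samples.items():
        print(f"{name:22s} -> {decide(direction, msg)}")
```

Running the block prints the verdict for each constructed sample; only the three message kinds named in the answer are allowed, and a message with a corrupted checksum or a truncated header is denied before the policy table is consulted.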

