Numerous guides regarding firewalls state to block ICMP on the WAN interface (Input).
However, when i do this internet connection fails.
Now my ISP uses a /31 for the point to point connection (FTTP) to us, to which i then have 1x /30 and 1x /28 route-able blocks.
so my connection is:
0.0.0.0/0 dst - xx.xx.xx.70 gateway on ether1 - no pref source
xx.xx.xx.70 dst - gateway ether1 - xx.xx.xx.71 pref source
then my ip blocks on other interfaces feeding other routers which are NATed
From what i can see from logging the traffic is mainly:
input - icmp - type 8 code 0 from xx.xx.xx.70 to xx.xx.xx.71 accross the P2P link
Can anyone shed some light on this please?
However, when i do this internet connection fails.
Now my ISP uses a /31 for the point to point connection (FTTP) to us, to which i then have 1x /30 and 1x /28 route-able blocks.
so my connection is:
0.0.0.0/0 dst - xx.xx.xx.70 gateway on ether1 - no pref source
xx.xx.xx.70 dst - gateway ether1 - xx.xx.xx.71 pref source
then my ip blocks on other interfaces feeding other routers which are NATed
From what i can see from logging the traffic is mainly:
input - icmp - type 8 code 0 from xx.xx.xx.70 to xx.xx.xx.71 accross the P2P link
Can anyone shed some light on this please?
