Subject: Re: Install script
To: Laine Stump <lainestump@rcn.com>
From: Eric Delcamp <e.delcamp_NOSPAM@wanadoo.fr>
List: port-i386
Date: 03/26/2000 21:01:57
Hi !
I agree with you, but I prefer to block ping from external interfaces just
to stay "hidden" from lots of "young hackers".
Of course, I could enable the ping from protected interfaces, but I need one
more rule (or modify the previous one ;-)
This is just because I could not have control of the firewall/gateway, and
if it was the case, I couldn't install NetBSD :-(

Thanks.
----- Original Message -----
From: "Laine Stump" <lainestump@rcn.com>
To: "Eric Delcamp" <e.delcamp_NOSPAM@wanadoo.fr>
Cc: <port-i386@netbsd.org>
Sent: Sunday, March 26, 2000 7:47 PM
Subject: Re: Install script


> At 07:11 PM 3/26/00 +0200, Eric Delcamp wrote:
> >-2- Why the hell, when installing from FTP, do you ping the gateway ? The
> >ping should be only on the DNS or the FTP site, but NOT THE GATEWAY. If you
> >have a firewall/gateway and declare it hidden in both side, ping failed. Bad
> >thing. Maybe a question before doing this ?
>
> For that matter, lots of paranoid people these days seem to be blocking
> ping to *anything* (they read an alarmist press report about "Ping of
> Death" some time back, and never bothered to read release notes of their OS
> saying it was no longer vulnerable). It's easy to declare that such
> machines have a "broken configuration", but much more difficult to pound it
> into the admin's head that having ping open on a machine that is publicly
> accessible for other functions is a valuable debugging aid.
>
> Of course, I haven't encountered any of these problems when installing
> NetBSD, because the DNS, ftp, and gateway are always under my control (and
> I hardly ever use sysinst anyway), so I don't know what sysinst does when
> these machines aren't pingable. Printing a warning and giving an option to
> reenter the addresses, or to continue, would be okay; refusing to continue
> wouldn't.