It still doesn't improve your security at all. It will just impair proper networking and prevent debugging.
But it's your system, your the boss :-)
On 24.05.2017 22:26, lleachii--- via 44Net wrote:
(Please trim inclusions from previous messages) _______________________________________________ Marius,
Not delusional at all, in my security instance, if I were to have IPENCAP closed, I wouldn't configure my device to send ICMP Unreachable messages for it. The perceived gain is that my router doesn't use CPU resources to process a packet I don't want. This is a common configuration of a Firewall that Drops by default - I'm not "forcing" my firewall to do it. It takes additional configuration to accept-then-reject. The drop by default is helpful in scenarios like a DDoS attack at the border attempting to use you for an amplification attack.