Probably this question has been asked several times before in this list. The thing is that I'm confused about how to implement an stateful inspection in FW-1 4.0, since somewhere says that in version 4.0 or higher this ICMP inspection is fully supported and somewhere else says one have to use Bill Burns's (http://people.netscape.com/shadow/) "inspec code" to handle it. All that I want is just to drop all Unix traceroute. Wouldn't be as easy as to drop all outgoing ICMP type-3 packets? Thanks _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls