Enable ICMP Internally - Or I'll Find You...

When designing internal firewalls and filtering policies, PLEASE stop and think about ICMP Echo Request and ICMP Echo Reply (the ICMP types used by ping). If you turn these off, you’re not gaining any real security (especially on your internal network; to be honest, you want to think long and hard about what turning it off on external-facing machines gets you), and you’re making life much harder than it needs to be in the long run.

Network diagnostics and host discovery are two simple, and quite common, tasks that become a hell of a lot harder, and consume more time and resources, if you turn ICMP off. It also annoys the hell out of new staff as they try to learn about your networks, and it irks people you ask to do you a “quick favour”.
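
One way to find where ping is being blocked before it bites you, as an added example that is not part of the original post: a small audit that reads `iptables-save` output and lists every rule that drops or rejects ICMP Echo Request or Echo Reply. It assumes Linux hosts filtering with iptables; the function names and the sample ruleset are constructed for illustration.

```python
import shlex

# ICMP type values that cover ping: 8 = echo-request, 0 = echo-reply.
ECHO_TYPES = {"8", "0", "echo-request", "echo-reply", "ping", "pong", "any"}
BLOCKING_TARGETS = {"DROP", "REJECT"}

# Constructed sample of `iptables-save` output (not from a real host).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -s 10.0.0.0/8 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A FORWARD -p icmp -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def _opt(tokens, *flags):
    """Return the value following the first matching flag, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None

def rules_blocking_ping(ruleset):
    """Return (line_no, chain, rule) for each rule that drops or rejects ping."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        if _opt(tokens, "-p", "--protocol") != "icmp":
            continue
        if _opt(tokens, "-j", "--jump") not in BLOCKING_TARGETS:
            continue
        icmp_type = _opt(tokens, "--icmp-type")
        # No --icmp-type means the rule matches every ICMP type, ping included.
        if icmp_type is None or icmp_type.split("/")[0] in ECHO_TYPES:
            findings.append((line_no, tokens[1], line))
    return findings

if __name__ == "__main__":
    for line_no, chain, rule in rules_blocking_ping(SAMPLE):
        print(f"line {line_no} [{chain}] blocks ping: {rule}")
```

The check only looks at explicit rules: a chain whose default policy is DROP with no rule accepting echo, or a rule using a negated match, still needs a manual look.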