Ah, response to
ICMP (Ping).
My preference is to have it enabled LAN side (
local) but disabled WAN side (
remote). If I am using a modem/router that does not let it be configured separately for
local and
remote, then I disable it completely. I prefer that my modem/router does not respond to any probes originating from "out there".
I "travel out" from my LAN to one of the build VMs that I use (in a parallel life) and knowing the IPv4 address that is allocated to my modem/router, I initiate a sequence of three pings to that address. Not one "pong" is returned in response to those "pings" --
[Build64R7 ~]$ ping -c 3 W.X.Y.Z
PING W.X.Y.Z (W.X.Y.Z) 56(84) bytes of data.
--- 92.20.246.137 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
[Build64R7 ~]$
Other persons always have it enabled, both
local and
remote.
You could perform an experiment of your own to see the effect of having ping enabled and disabled. Go to the
GRC Internet Vulnerability Profiling Site and scan your modem/router twice, with ping response first configured enabled and then disabled.