Dear World,

ping is a very useful command. It lets me see if a host is up. If you block ICMP ECHO/REPLY then I instead have to play the "Guess what service might be listening" game. Or I assume your machine is down and might worry (because I care). So please don't do it. I really don't see what you're trying to gain; it strikes me as firewalling without actually thinking about it. Are you by chance ignoring things like destination unreachable as well? And breaking PMTU discovery? Well done you.