However, there are two types of ICMP request that can be considered a small security concern:
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
Type  Name                  Reference
...
13    Timestamp             [RFC792]
...
17    Address Mask Request  [RFC950]

Type 13 is a request for the exact time according to the destination computer. The exact time can be used to exploit some very weak encryption algorithms in some network protocols, allowing an attacker to gain access to privileged information. Type 17 is a request for the netmask of the interface on which the request was received. A valid response can assist an attacker in learning about the topology of your network. In place of the above rule, I recommend the following three rules:

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 13 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 17 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

These rules will prevent the two forbidden ICMP types and allow all others.
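The rules discussed above only work because iptables stops at the first matching rule, so the two REJECT lines must come before the catch-all ACCEPT. The following Python check is an added example, not part of the original answer: it reads rules in the format shown on this page and reports the first-match verdict for ICMP types 13, 17 and 8 (echo request). The function names and sample rule sets are constructed for illustration, and it assumes the rules match only on protocol and ICMP type.

```python
import shlex

# iptables names for the two ICMP types discussed above.
# Any other symbolic name is treated as matching no audited type.
ICMP_NAMES = {"timestamp-request": 13, "address-mask-request": 17}
NON_TERMINATING = {"LOG"}  # targets that do not end chain traversal

def _opt(tok, flag):
    """Value following flag in a tokenised rule, or None."""
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

def parse_rule(line):
    """(chain, icmp_type, target) for an '-A ... -p icmp' rule, else None.
    icmp_type is None for 'any'. Other matches (-s, -i, ...) are ignored."""
    tok = shlex.split(line, comments=True)
    if len(tok) < 2 or tok[0] != "-A" or _opt(tok, "-p") != "icmp":
        return None
    raw = _opt(tok, "--icmp-type")
    if raw in (None, "any"):
        icmp_type = None
    else:
        raw = raw.split("/")[0]  # drop an optional /code suffix
        icmp_type = int(raw) if raw.isdigit() else ICMP_NAMES.get(raw, -1)
    return tok[1], icmp_type, _opt(tok, "-j")

def verdict(rules_text, chain, icmp_type):
    """Target of the first rule in chain that matches icmp_type."""
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule[0] != chain or rule[2] in NON_TERMINATING:
            continue
        if rule[2] and rule[1] in (None, icmp_type):
            return rule[2]
    return None  # nothing matched; the packet continues past this chain

def audit(rules_text, chain="RH-Firewall-1-INPUT"):
    """Verdicts for timestamp (13), address mask (17) and echo (8) requests."""
    return {t: verdict(rules_text, chain, t) for t in (13, 17, 8)}

# Constructed samples in the rule format used on this page.
PREFIX = "-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type "
ORIGINAL = PREFIX + "any -j ACCEPT\n"
RECOMMENDED = PREFIX + "13 -j REJECT\n" + PREFIX + "17 -j REJECT\n" + ORIGINAL
MISORDERED = ORIGINAL + PREFIX + "13 -j REJECT\n" + PREFIX + "17 -j REJECT\n"

if __name__ == "__main__":
    for name in ("ORIGINAL", "RECOMMENDED", "MISORDERED"):
        print(name, audit(globals()[name]))
```

The MISORDERED sample shows the failure mode to look for in a real rules file: the same three rules with the ACCEPT first still answer types 13 and 17.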