firewall: Extend rate limiting for ICMP error messages.
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)
Fixes #10489.

config/etc/sysctl.conf

index d6a2f75..a91aeb3 100644 (file)
@@ -1,7 +1,9 @@
 net.ipv4.ip_forward = 1
 net.ipv4.ip_dynaddr = 1
+
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.icmp_ratemask = 88089
 
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_fin_timeout = 30