firewall: Extend rate limiting for ICMP error messages.

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index d6a2f75..a91aeb3 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -1,7 +1,9 @@
  net.ipv4.ip_forward = 1
  net.ipv4.ip_dynaddr = 1
+
  net.ipv4.icmp_echo_ignore_broadcasts = 1
  net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.icmp_ratemask = 88089
  
  net.ipv4.tcp_syncookies = 1
  net.ipv4.tcp_fin_timeout = 30
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 4 Mar 2014 13:14:54 +0000 (14:14 +0100)