factory-default: add sysctl to limit ICMP packets rate

author: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-11-28 22:47:11 +0000
committer: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-11-28 22:47:11 +0000
commit: 31a3bdf53066a9818a8426cb671c345882684a35 (patch)
tree: 241dd0bfe6ea7d1add22dccc69de5997a9a4a4e4 /factory-default
parent: net-p2p/xmr-stak-rx: add net-p2p/xmr-stak-rx (diff)
download: portage-31a3bdf53066a9818a8426cb671c345882684a35.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index f2e5bd0d..21a5fabf 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -151,6 +151,10 @@ net.ipv4.icmp_echo_ignore_broadcasts = 1
 # Ignore bogus responses to broadcast
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 
+# Rate limit ICMP packets to 4 per second
+net.ipv4.icmp_ratemask = 0xFFFF
+net.ipv4.icmp_ratelimit = 25
+
 # Enable SYN cookies
 net.ipv4.tcp_syncookies = 1
author	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-11-28 22:47:11 +0000
committer	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-11-28 22:47:11 +0000
commit	31a3bdf53066a9818a8426cb671c345882684a35 (patch)
tree	241dd0bfe6ea7d1add22dccc69de5997a9a4a4e4 /factory-default
parent	net-p2p/xmr-stak-rx: add net-p2p/xmr-stak-rx (diff)
download	portage-31a3bdf53066a9818a8426cb671c345882684a35.tar.xz