From 31a3bdf53066a9818a8426cb671c345882684a35 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Thu, 28 Nov 2019 22:47:11 +0000
Subject: factory-default: add sysctl to limit ICMP packets rate

---
 factory-default/sys-apps/baselayout/etc/sysctl.conf | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'factory-default')

diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index f2e5bd0d..21a5fabf 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -151,6 +151,10 @@ net.ipv4.icmp_echo_ignore_broadcasts = 1
 # Ignore bogus responses to broadcast
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 
+# Rate limit ICMP packets to 4 per second
+net.ipv4.icmp_ratemask = 0xFFFF
+net.ipv4.icmp_ratelimit = 25
+
 # Enable SYN cookies
 net.ipv4.tcp_syncookies = 1
 
-- 
cgit v1.2.3