tech-net: Re: Rate limiting ICMP responses?

Subject: Re: Rate limiting ICMP responses?
To: John Klos <john@sixgirls.org>
From: Matt Thomas <matt@3am-software.com>
List: tech-net
Date: 01/13/2002 17:09:31

At 07:50 PM 1/13/2002 -0500, John Klos wrote:
>Hi,
>
>I'm about to compile a new kernel since I'm restarting so I can add
>hardware, and I'd like to be able to rate limit ICMP responses.
>
>I really don't want to do this with IP Filter, and I don't see any sysctl
>variables for this.
>
>How can I set the rate for ICMP responses? Note that I really don't want
>to turn off ICMP; I'd rather have a rate of, say, two responses per second
>so that normal pinging will work. Is there a kernel option for this
>somewhere?
>
>Clues?

It's already in there.  From sysctl(2):

      net.inet.icmp.errppslimit                    integer       yes



-- 
Matt Thomas               Internet:   matt@3am-software.com
3am Software Foundry      WWW URL:    http://www.3am-software.com/bio/matt/
Cupertino, CA             Disclaimer: I avow all knowledge of this message