diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2008-09-01 19:38:34 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2008-09-01 19:38:34 +0000 |
commit | 3828b68ad6879c9892eed09493d503e89d45a8d8 (patch) | |
tree | 015e7dec5c8005e0b4953d5ee46f3122f7bdf7f1 /cf | |
parent | 82b61e6b717cf4a743973b6d880790893c4080fe (diff) | |
download | pfsense-3828b68ad6879c9892eed09493d503e89d45a8d8.zip pfsense-3828b68ad6879c9892eed09493d503e89d45a8d8.tar.gz |
Set net.inet.icmp.icmplim to 500. Apparently the low setting of 200
wrecked Seths firewall on upgrade due to overwhelming amounts of icmp
packets.
Diffstat (limited to 'cf')
-rw-r--r-- | cf/conf/config.xml | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/cf/conf/config.xml b/cf/conf/config.xml index dc6cb94..85a38d6 100644 --- a/cf/conf/config.xml +++ b/cf/conf/config.xml @@ -75,16 +75,16 @@ <tunable>net.link.bridge.pfil_onlyip</tunable> <value>0</value> </item> - <item> - <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc> - <tunable>net.link.bridge.pfil_member</tunable> - <value>1</value> - </item> - <item> - <desc>Set to 1 to enable filtering on the bridge interface</desc> - <tunable>net.link.bridge.pfil_bridge</tunable> - <value>0</value> - </item> + <item> + <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc> + <tunable>net.link.bridge.pfil_member</tunable> + <value>1</value> + </item> + <item> + <desc>Set to 1 to enable filtering on the bridge interface</desc> + <tunable>net.link.bridge.pfil_bridge</tunable> + <value>0</value> + </item> <item> <desc>Allow unprivileged access to tap(4) device nodes</desc> <tunable>net.link.tap.user_open</tunable> @@ -119,7 +119,12 @@ <desc>Enable TCP extended debugging</desc> <tunable>net.inet.tcp.log_debug</tunable> <value>0</value> - </item> + </item> + <item> + <desc>Set ICMP Limits</desc> + <tunable>net.inet.icmp.icmplim</tunable> + <value>500</value> + </item> </sysctl> <system> <optimization>normal</optimization> |