summaryrefslogtreecommitdiffstats
path: root/conf.default/config.xml
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2008-09-01 19:38:34 +0000
committerScott Ullrich <sullrich@pfsense.org>2008-09-01 19:38:34 +0000
commit3828b68ad6879c9892eed09493d503e89d45a8d8 (patch)
tree015e7dec5c8005e0b4953d5ee46f3122f7bdf7f1 /conf.default/config.xml
parent82b61e6b717cf4a743973b6d880790893c4080fe (diff)
downloadpfsense-3828b68ad6879c9892eed09493d503e89d45a8d8.zip
pfsense-3828b68ad6879c9892eed09493d503e89d45a8d8.tar.gz
Set net.inet.icmp.icmplim to 500. Apparently the low setting of 200
wrecked Seths firewall on upgrade due to overwhelming amounts of icmp packets.
Diffstat (limited to 'conf.default/config.xml')
-rw-r--r--conf.default/config.xml25
1 files changed, 15 insertions, 10 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index b435352..73bb73c 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -75,16 +75,16 @@
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>0</value>
</item>
- <item>
- <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
- <tunable>net.link.bridge.pfil_member</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Set to 1 to enable filtering on the bridge interface</desc>
- <tunable>net.link.bridge.pfil_bridge</tunable>
- <value>0</value>
- </item>
+ <item>
+ <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
+ <tunable>net.link.bridge.pfil_member</tunable>
+ <value>1</value>
+ </item>
+ <item>
+ <desc>Set to 1 to enable filtering on the bridge interface</desc>
+ <tunable>net.link.bridge.pfil_bridge</tunable>
+ <value>0</value>
+ </item>
<item>
<desc>Allow unprivileged access to tap(4) device nodes</desc>
<tunable>net.link.tap.user_open</tunable>
@@ -119,6 +119,11 @@
<desc>Enable TCP extended debugging</desc>
<tunable>net.inet.tcp.log_debug</tunable>
<value>0</value>
+ </item>
+ <item>
+ <desc>Set ICMP Limits</desc>
+ <tunable>net.inet.icmp.icmplim</tunable>
+ <value>500</value>
</item>
</sysctl>
<system>
OpenPOWER on IntegriCloud