From 3828b68ad6879c9892eed09493d503e89d45a8d8 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 1 Sep 2008 19:38:34 +0000
Subject: Set net.inet.icmp.icmplim to 500.   Apparently the low setting of 200
 wrecked Seths firewall on upgrade due to overwhelming amounts of icmp
 packets.

---
 cf/conf/config.xml | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

(limited to 'cf')

diff --git a/cf/conf/config.xml b/cf/conf/config.xml
index dc6cb94..85a38d6 100644
--- a/cf/conf/config.xml
+++ b/cf/conf/config.xml
@@ -75,16 +75,16 @@
 			<tunable>net.link.bridge.pfil_onlyip</tunable>
 			<value>0</value>
 		</item>
-                <item>
-                        <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
-                        <tunable>net.link.bridge.pfil_member</tunable>
-                        <value>1</value>
-                </item>
-                <item>
-                        <desc>Set to 1 to enable filtering on the bridge interface</desc>
-                        <tunable>net.link.bridge.pfil_bridge</tunable>
-                        <value>0</value>
-                </item>
+		<item>
+		        <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
+		        <tunable>net.link.bridge.pfil_member</tunable>
+		        <value>1</value>
+		</item>
+		<item>
+		        <desc>Set to 1 to enable filtering on the bridge interface</desc>
+		        <tunable>net.link.bridge.pfil_bridge</tunable>
+		        <value>0</value>
+		</item>
 		<item>
 			<desc>Allow unprivileged access to tap(4) device nodes</desc>
 			<tunable>net.link.tap.user_open</tunable>
@@ -119,7 +119,12 @@
 			<desc>Enable TCP extended debugging</desc>
 			<tunable>net.inet.tcp.log_debug</tunable>
 			<value>0</value>
-		</item>		
+		</item>
+		<item>
+			<desc>Set ICMP Limits</desc>
+			<tunable>net.inet.icmp.icmplim</tunable>
+			<value>500</value>
+		</item>
 	</sysctl>
 	<system>
 		<optimization>normal</optimization>
-- 
cgit v1.1