diff options
author | David S. Miller <davem@sunset.davemloft.net> | 2005-10-03 19:07:30 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-10-03 19:07:30 -0400 |
commit | 7ce312467edc270fcbd8a699efabb37ce1802b98 (patch) | |
tree | fb267926db2239ddb815b6c5acd1be82ff56229c | |
parent | 3e56a40bb36f1f73b4eac2ffe267c5357811e321 (diff) |
[IPV4]: Update icmp sysctl docs and disable broadcast ECHO/TIMESTAMP by default
It's not a good idea to be smurf'able by default.
The few people who need this can turn it on.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | Documentation/networking/ip-sysctl.txt | 10 | ||||
-rw-r--r-- | net/ipv4/icmp.c | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt index ab65714d95fc..b433c8a27e2d 100644 --- a/Documentation/networking/ip-sysctl.txt +++ b/Documentation/networking/ip-sysctl.txt | |||
@@ -355,10 +355,14 @@ ip_dynaddr - BOOLEAN | |||
355 | Default: 0 | 355 | Default: 0 |
356 | 356 | ||
357 | icmp_echo_ignore_all - BOOLEAN | 357 | icmp_echo_ignore_all - BOOLEAN |
358 | If set non-zero, then the kernel will ignore all ICMP ECHO | ||
359 | requests sent to it. | ||
360 | Default: 0 | ||
361 | |||
358 | icmp_echo_ignore_broadcasts - BOOLEAN | 362 | icmp_echo_ignore_broadcasts - BOOLEAN |
359 | If either is set to true, then the kernel will ignore either all | 363 | If set non-zero, then the kernel will ignore all ICMP ECHO and |
360 | ICMP ECHO requests sent to it or just those to broadcast/multicast | 364 | TIMESTAMP requests sent to it via broadcast/multicast. |
361 | addresses, respectively. | 365 | Default: 1 |
362 | 366 | ||
363 | icmp_ratelimit - INTEGER | 367 | icmp_ratelimit - INTEGER |
364 | Limit the maximal rates for sending ICMP packets whose type matches | 368 | Limit the maximal rates for sending ICMP packets whose type matches |
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 24eb56ae1b5a..90dca711ac9f 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -188,7 +188,7 @@ struct icmp_err icmp_err_convert[] = { | |||
188 | 188 | ||
189 | /* Control parameters for ECHO replies. */ | 189 | /* Control parameters for ECHO replies. */ |
190 | int sysctl_icmp_echo_ignore_all; | 190 | int sysctl_icmp_echo_ignore_all; |
191 | int sysctl_icmp_echo_ignore_broadcasts; | 191 | int sysctl_icmp_echo_ignore_broadcasts = 1; |
192 | 192 | ||
193 | /* Control parameter - ignore bogus broadcast responses? */ | 193 | /* Control parameter - ignore bogus broadcast responses? */ |
194 | int sysctl_icmp_ignore_bogus_error_responses; | 194 | int sysctl_icmp_ignore_bogus_error_responses; |