aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2005-10-03 19:07:30 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2005-10-03 19:07:30 -0400
commit7ce312467edc270fcbd8a699efabb37ce1802b98 (patch)
treefb267926db2239ddb815b6c5acd1be82ff56229c
parent3e56a40bb36f1f73b4eac2ffe267c5357811e321 (diff)
[IPV4]: Update icmp sysctl docs and disable broadcast ECHO/TIMESTAMP by default
It's not a good idea to be smurf'able by default. The few people who need this can turn it on. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--Documentation/networking/ip-sysctl.txt10
-rw-r--r--net/ipv4/icmp.c2
2 files changed, 8 insertions, 4 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index ab65714d95fc..b433c8a27e2d 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -355,10 +355,14 @@ ip_dynaddr - BOOLEAN
355 Default: 0 355 Default: 0
356 356
357icmp_echo_ignore_all - BOOLEAN 357icmp_echo_ignore_all - BOOLEAN
358 If set non-zero, then the kernel will ignore all ICMP ECHO
359 requests sent to it.
360 Default: 0
361
358icmp_echo_ignore_broadcasts - BOOLEAN 362icmp_echo_ignore_broadcasts - BOOLEAN
359 If either is set to true, then the kernel will ignore either all 363 If set non-zero, then the kernel will ignore all ICMP ECHO and
360 ICMP ECHO requests sent to it or just those to broadcast/multicast 364 TIMESTAMP requests sent to it via broadcast/multicast.
361 addresses, respectively. 365 Default: 1
362 366
363icmp_ratelimit - INTEGER 367icmp_ratelimit - INTEGER
364 Limit the maximal rates for sending ICMP packets whose type matches 368 Limit the maximal rates for sending ICMP packets whose type matches
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 24eb56ae1b5a..90dca711ac9f 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -188,7 +188,7 @@ struct icmp_err icmp_err_convert[] = {
188 188
189/* Control parameters for ECHO replies. */ 189/* Control parameters for ECHO replies. */
190int sysctl_icmp_echo_ignore_all; 190int sysctl_icmp_echo_ignore_all;
191int sysctl_icmp_echo_ignore_broadcasts; 191int sysctl_icmp_echo_ignore_broadcasts = 1;
192 192
193/* Control parameter - ignore bogus broadcast responses? */ 193/* Control parameter - ignore bogus broadcast responses? */
194int sysctl_icmp_ignore_bogus_error_responses; 194int sysctl_icmp_ignore_bogus_error_responses;