[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Speed controll on outgoing ICMP packets



On Wed, Jun 21, 2000 at 02:20:27PM +0200, raptor wrote:
> > On Mon, 19 Jun 2000, Rodrigo Uzun Fleischmann <uzun@inf.ufrgs.br> wrote:
> > 
> > > Hi,
> > > 
> > > If you "want to limit all outgoing icmp packets", I think the better way
> > > is filter icmp packets on the router.
> > > 
> > > rgds,
> > and that's exactly what i want
> > the router is a linux router.
> 
> ipchains -A -p icmp -s  your_network  -j REJECT

Evil. You've just broken and violated large parts of RFC1122.
You know ICMP has a real purpose in the TCP/IP stack. 

It'll cause more traffic (because the hosts in your network
e.g. cannot tell about disconnected pots), cause slower email delivery,
breaks path mtu discovery and has other negative effects.

And the user can flood with other protocols anyways. 

-Andi

-- 
This is like TV. I don't like TV.