On 01/11/2012 06:39 PM, Limaunion wrote:
Hi all! very simple PF question, is it possible to limit the number of ICMP echo replies, like 5/min from any source address ?
If you're looking to limit the rate emitted by OpenBSD as a host, check out the net.inet.icmp.errppslimit sysctl.
If you're looking to limit the rate forwarded by OpenBSD as a router, then you just apply QoS in pf as usual.
Simon -- DTN made easy, lean, and smart --> http://postellation.viagenie.ca NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca STUN/TURN server --> http://numb.viagenie.ca
