Smurf tone down
Havard.Eidnes at runit.sintef.no
Havard.Eidnes at runit.sintef.no
Mon May 3 19:48:26 UTC 1999
> > 3) Can't manage it. Providers are understaffed with clueful people.
>
> Is this really that hard?
>
> access-list 175 permit icmp any any
> int bleh/bleh
> rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
> rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
I agree, the above isn't all that hard.
However, I'd argue that the above is in some sense wrong.
There's no need to put all ICMP traffic in the same basket; some
ICMP traffic is required for e.g. path MTU discovery to work.
So, instead I'd use
access-list 175 permit icmp any any echo-reply
But you all knew that already, right? ;-)
- Håvard
More information about the NANOG
mailing list