Smurf tone down

Havard.Eidnes at runit.sintef.no
Mon May 3 19:48:26 UTC 1999


> > 3) Can't manage it.  Providers are understaffed with clueful people.
>
> Is this really that hard?
>
> access-list 175 permit icmp any any
> int bleh/bleh
>  rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
>  rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop

I agree, the above isn't all that hard.

However, I'd argue that the above is in some sense wrong.
There's no need to put all ICMP traffic in the same basket; some
ICMP traffic is required for e.g. path MTU discovery to work.
So, instead I'd use

access-list 175 permit icmp any any echo-reply

But you all knew that already, right? ;-)


- Håvard
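
Added example, not part of the original message: a simplified token-bucket model of the quoted rate-limit (128000 bps, 8000-byte burst), comparing the two access-list variants when echo replies flood the link. Packet sizes, rates and all function names are constructed for the illustration.

```python
# Added illustration, not from the original post. Simplified token-bucket
# model of the quoted rate-limit (128000 bps, 8000-byte burst). Packet sizes,
# rates and all names below are constructed for the example.
ECHO_REPLY = (0, 0)    # ICMP type 0
FRAG_NEEDED = (3, 4)   # ICMP type 3 code 4, needed for path MTU discovery

class RateLimit:
    """Packets matching the ACL share one bucket; all others bypass it."""
    def __init__(self, acl_match, bps=128000, burst=8000):
        self.acl_match = acl_match
        self.rate = bps / 8.0          # refill in bytes per second
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def admit(self, t, icmp, size):
        if not self.acl_match(icmp):
            return True                # not matched, so not rate-limited
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if size <= self.tokens:        # conform-action transmit
            self.tokens -= size
            return True
        return False                   # exceed-action drop

def constructed_traffic():
    # One second: 10000 echo replies of 64 bytes (about 5 Mbit/s) plus one
    # 576-byte fragmentation-needed message every 100 ms.
    pkts = [(i / 10000.0, ECHO_REPLY, 64) for i in range(10000)]
    pkts += [(0.05 + i / 10.0, FRAG_NEEDED, 576) for i in range(10)]
    return sorted(pkts)

def any_icmp(icmp):             # access-list 175 permit icmp any any
    return True

def echo_reply_only(icmp):      # access-list 175 permit icmp any any echo-reply
    return icmp == ECHO_REPLY

def passed(acl_match):
    limiter = RateLimit(acl_match)
    counts = {ECHO_REPLY: 0, FRAG_NEEDED: 0}
    for t, icmp, size in constructed_traffic():
        if limiter.admit(t, icmp, size):
            counts[icmp] += 1
    return counts

if __name__ == "__main__":
    print("permit icmp any any            :", passed(any_icmp))
    print("permit icmp any any echo-reply :", passed(echo_reply_only))
```

With every ICMP type in one bucket, the flood keeps the bucket empty and the fragmentation-needed messages are dropped along with the excess echo replies; with only echo-reply matched, they bypass the limiter.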



