FreeBSD DDoS protection
Chris Boyd
cboyd at gizmopartners.com
Sun Feb 10 19:57:18 UTC 2013
On Sat, 2013-02-09 at 19:57 -0600, khatfield at socllc.net wrote:
>
> Deny all ICMP (drop I mean)
Please DON'T do this. ICMP is a required part of the TCP/IP suite.
It breaks Path MTU discovery, leading to oddball issues where some sites
can't load graphics, some file transfers break, etc.
It makes troubleshooting using traceroute not work.
If you don't want to get pinged, then drop echo request/reply. But
those are really pretty harmless.
--Chris
More information about the freebsd-security
mailing list