[IPV4]: Update icmp sysctl docs and disable broadcast ECHO/TIMESTAMP by default

It's not a good idea to be smurf'able by default. The few people who need this can turn it on. Signed-off-by: N David S. Miller <davem@davemloft.net>

[IPV4]: Update icmp sysctl docs and disable broadcast ECHO/TIMESTAMP by default
It's not a good idea to be smurf'able by default. The few people who need this can turn it on. Signed-off-by: N David S. Miller <davem@davemloft.net>
7ce31246 · David S. Miller · 3e56a40b · 7ce31246 · 7ce31246
隐藏空白更改
内联并排

Showing with 8 addition and 4 deletion

Documentation/networking/ip-sysctl.txt Documentation/networking/ip-sysctl.txt +7 -3

net/ipv4/icmp.c net/ipv4/icmp.c +1 -1

未找到文件。
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -355,10 +355,14 @@ ip_dynaddr - BOOLEAN
 	Default: 0

 icmp_echo_ignore_all - BOOLEAN
+	If set non-zero, then the kernel will ignore all ICMP ECHO
+	requests sent to it.
+	Default: 0
+
 icmp_echo_ignore_broadcasts - BOOLEAN
-	If either is set to true, then the kernel will ignore either all
-	ICMP ECHO requests sent to it or just those to broadcast/multicast
-	addresses, respectively.
+	If set non-zero, then the kernel will ignore all ICMP ECHO and
+	TIMESTAMP requests sent to it via broadcast/multicast.
+	Default: 1

 icmp_ratelimit - INTEGER
 	Limit the maximal rates for sending ICMP packets whose type matches

--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -188,7 +188,7 @@ struct icmp_err icmp_err_convert[] = {

 /* Control parameters for ECHO replies. */
 int sysctl_icmp_echo_ignore_all;
-int sysctl_icmp_echo_ignore_broadcasts;
+int sysctl_icmp_echo_ignore_broadcasts = 1;

 /* Control parameter - ignore bogus broadcast responses? */
 int sysctl_icmp_ignore_bogus_error_responses;