Skip to content

Commit

Permalink
ns-threat_shield: increase default icmp limit (#822)
Browse files Browse the repository at this point in the history 
The icmp limit could be hit if the network, or the firewall itself,
is pinging many hosts for WAN status checking or link quality monitor.

In case of normal user a firewall should be able to easily support 100 icmp packets per second.
Note the limit is not per host, but for all icmp traffic.
  • Loading branch information
@gsanchietti
gsanchietti authored Oct 3, 2024
1 parent 969af2f commit bf088c0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion packages/ns-threat_shield/files/banip-defaults
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ delete banip.global.ban_logterm
add_list banip.global.ban_logterm="Exit before auth from"
add_list banip.global.ban_logterm="authentication failed for user"

set banip.global.ban_icmplimit="10"
set banip.global.ban_icmplimit="100"
set banip.global.ban_synlimit="10"
set banip.global.ban_udplimit="100"

Expand Down

0 comments on commit bf088c0

Please sign in to comment.