[23973] in North American Network Operators' Group
Re: Smurf tone down
daemon@ATHENA.MIT.EDU (Havard.Eidnes@runit.sintef.no)
Mon May 3 15:51:20 1999
To: alex@nac.net
Cc: bicknell@ufp.org, nanog@merit.edu
From: Havard.Eidnes@runit.sintef.no
In-Reply-To: Your message of "Sat, 1 May 1999 12:31:33 -0400 (EDT)"
Date: Mon, 03 May 1999 21:48:26 +0200
Errors-To: owner-nanog-outgoing@merit.edu
> > 3) Can't manage it. Providers are understaffed with clueful people.
>
> Is this really that hard?
>
> access-list 175 permit icmp any any
> int bleh/bleh
> rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
> rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
I agree, the above isn't all that hard.
However, I'd argue that the above is in some sense wrong.
There's no need to put all ICMP traffic in the same basket; some
ICMP traffic is required for e.g. path MTU discovery to work.
So, instead I'd use
access-list 175 permit icmp any any echo-reply
But you all knew that already, right? ;-)
- Håvard
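
An added illustration, not part of the original message: a simplified single token bucket (a model of the quoted 128000 bit/s, 8000-byte burst limit, not Cisco's actual CAR algorithm) run over constructed traffic. It shows that a limiter matching all ICMP drops a path MTU discovery message during an echo-reply flood, while one matching only echo-reply lets it through. All names and the traffic mix are assumptions made for the example.

```python
ECHO_REPLY = (0, 0)    # ICMP type 0
FRAG_NEEDED = (3, 4)   # ICMP type 3 code 4, needed by path MTU discovery

class Bucket:
    """Simplified token bucket: 128000 bit/s, 8000-byte burst (model only)."""
    def __init__(self, rate_bps=128000, burst_bytes=8000):
        self.rate = rate_bps / 8.0          # refill rate in bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conform(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True                     # conform-action transmit
        return False                        # exceed-action drop

def match_all_icmp(kind):      # models "permit icmp any any"
    return True

def match_echo_reply(kind):    # models "permit icmp any any echo-reply"
    return kind == ECHO_REPLY

def constructed_traffic():
    # Constructed sample: 1 s of 100-byte echo replies, one per millisecond
    # (800 kbit/s), plus one 576-byte "fragmentation needed" at t = 0.5005 s.
    pkts = [(i / 1000.0, ECHO_REPLY, 100) for i in range(1000)]
    pkts.append((0.5005, FRAG_NEEDED, 576))
    return sorted(pkts, key=lambda p: p[0])

def simulate(acl_matches):
    """Return the kinds of the packets that get transmitted."""
    bucket = Bucket()
    sent = []
    for now, kind, size in constructed_traffic():
        # Packets the ACL does not match bypass the rate limiter entirely.
        if not acl_matches(kind) or bucket.conform(now, size):
            sent.append(kind)
    return sent

def frag_needed_survives(acl_matches):
    return FRAG_NEEDED in simulate(acl_matches)

if __name__ == "__main__":
    print("permit icmp any any           :", frag_needed_survives(match_all_icmp))
    print("permit icmp any any echo-reply:", frag_needed_survives(match_echo_reply))
```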