Default ICMP filtering/rate limiting

Out of the box, does VyOS (or Debian beneath it) perform any ICMP filtering or rate limiting? When trying to troubleshoot with tools like mtr, we’re noticing some interfaces in our LAN appear to be dropping packets but pings to those same interfaces are working fine. Other interfaces report no packet loss at all, with very similar configurations and no firewall or traffic control rules manipulating ICMP. Is there an algorithm that begins to filter when certain overall conditions are met in the OS?

Hello @eronlloyd. By default it is 1000:

sudo sysctl net.ipv4.icmp_ratelimit
net.ipv4.icmp_ratelimit = 1000

You can try to increase this by the following command:

set system sysctl custom net.ipv4.icmp_ratelimit value 10000

Thanks @Dmitry I’ll try that out and report back!

I doubt if net.ipv4.icmp_ratelimit will kick in for packets forwarded by the box.
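An added example, not part of any post in this thread: the kernel applies `net.ipv4.icmp_ratelimit` only to the ICMP types selected by a second sysctl, `net.ipv4.icmp_ratemask` (a real kernel setting that the thread does not mention). The script decodes that mask; the function names are hypothetical and the mask value is a constructed sample equal to the kernel's documented default.

```shell
#!/bin/sh
# Decode net.ipv4.icmp_ratemask: bit N set => ICMP type N is rate limited.
# Per the kernel's ip-sysctl documentation, icmp_ratelimit is the minimum gap
# in milliseconds between limited responses to one target; 0 disables limiting.

# Names for the ICMP types most relevant here (IANA type numbers).
icmp_type_name() {
    case "$1" in
        0)  echo "echo-reply" ;;
        3)  echo "destination-unreachable" ;;
        4)  echo "source-quench" ;;
        5)  echo "redirect" ;;
        8)  echo "echo-request" ;;
        11) echo "time-exceeded" ;;
        12) echo "parameter-problem" ;;
        *)  echo "type-$1" ;;
    esac
}

# is_rate_limited TYPE MASK -> exit status 0 if bit TYPE is set in MASK
is_rate_limited() {
    [ $(( ($2 >> $1) & 1 )) -eq 1 ]
}

# decode_ratemask MASK -> space-separated "type:name" list of limited types
decode_ratemask() {
    out=""
    t=0
    while [ "$t" -le 18 ]; do
        if is_rate_limited "$t" "$1"; then
            out="${out:+$out }$t:$(icmp_type_name "$t")"
        fi
        t=$((t + 1))
    done
    echo "$out"
}

# Constructed sample: 6168 (0x1818) is the kernel's documented default mask.
# On a live system, substitute: mask=$(sysctl -n net.ipv4.icmp_ratemask)
mask=${1:-6168}
echo "rate-limited ICMP types: $(decode_ratemask "$mask")"
if is_rate_limited 11 "$mask"; then echo "mtr/traceroute hop replies (time-exceeded): limited"; fi
if ! is_rate_limited 0 "$mask"; then echo "ping replies (echo-reply): not limited"; fi
```

With the default mask, the time-exceeded replies that mtr relies on for intermediate hops are rate limited by the responding host, while echo replies to ping are not.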
