ICMP Limits in FreeBSD

FreeBSD limits ICMP and UDP packets that come in on an interface in order to avoid a number of DoS attacks. The default limits are good for 100Mb/s links but don't work well on 1Gb/s connections. It is important to raise the limits on any FreeBSD box that will handle a lot of ICMP or UDP traffic (a DNS or NTP server is a very good example).

To increase the default limits, edit /etc/sysctl.conf and add the following line:

net.inet.icmp.icmplim=600

Or you can set it from the command line on a running system with:

# sysctl -w net.inet.icmp.icmplim=600

NOTE: If you set it from the command line, the value will not be remembered across reboots. You should still edit /etc/sysctl.conf and add the line there as well.
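
A value set only with sysctl on the running system disappears at the next reboot, so it is worth checking that the running value and /etc/sysctl.conf agree. The script below is an added example, not part of the original page: the function names persisted_value and icmplim_state are hypothetical, and it assumes a plain key=value sysctl.conf with # comments where the last assignment to a key wins.

```sh
#!/bin/sh
# Added example: compare the running net.inet.icmp.icmplim with the value
# persisted in /etc/sysctl.conf. Function names are hypothetical.

KEY="net.inet.icmp.icmplim"

# Print the value a sysctl.conf-style file assigns to a key.
# $1 = key, $2 = path to the file. Prints nothing if the key is absent.
persisted_value() {
    [ -r "$2" ] || return 0
    awk -v key="$1" '
        { sub(/#.*/, "") }                      # strip comments
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)      # trim whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v             # last assignment wins
        }
        END { if (found != "") print found }
    ' "$2"
}

# Classify the setting: ok | drift | not-persisted
# $1 = running value, $2 = path to the file.
icmplim_state() {
    saved=$(persisted_value "$KEY" "$2")
    if [ -z "$saved" ]; then
        echo "not-persisted"    # set at runtime only; lost on reboot
    elif [ "$saved" = "$1" ]; then
        echo "ok"
    else
        echo "drift"            # file and running kernel disagree
    fi
}

# On a FreeBSD host, check the live value against /etc/sysctl.conf.
if [ "$(uname -s)" = "FreeBSD" ]; then
    running=$(sysctl -n "$KEY")
    echo "$KEY running=$running state=$(icmplim_state "$running" /etc/sysctl.conf)"
fi
```

A result of not-persisted means the limit was raised from the command line only; drift means the file was edited but the running system still has a different value.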