Table of Contents
Advertisement
A token is placed in the bucket at intervals until the maximum number of tokens that the bucket can
hold is reached.
A token is removed from the bucket when an ICMP error message is sent. When the bucket is empty,
ICMP error messages are not sent until a new token is placed in the bucket.
Examples
# Set the interval to 200 milliseconds for tokens to arrive in the bucket and the bucket size to 40
tokens for ICMP error messages.
<Sysname> system-view
[Sysname] ip icmp error-interval 200 40
ip icmp fragment discarding
Use
ip icmp fragment discarding
Use
undo ip icmp fragment discarding
Syntax
ip icmp fragment discarding
undo ip icmp fragment discarding
Default
Forwarding of ICMP fragments is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Disabling forwarding of ICMP fragments can prevent ICMP fragment attacks.
Examples
# Disable forwarding of ICMP fragments.
<Sysname> system-view
[Sysname] ip icmp fragment discarding
ip icmp source
Use
ip icmp source
Use
undo ip icmp source
Syntax
ip icmp source [ vpn-instance vpn-instance-name ] ip-address
undo ip icmp source [ vpn-instance vpn-instance-name ]
Default
No source address is specified for outgoing ICMP packets. The default source IP addresses for
different types of ICMP packets vary as follows:
•
For an ICMP error message, the source IP address is the IP address of the receiving interface
of the packet that triggers the ICMP error message. ICMP error messages include Time
Exceeded, Port Unreachable, and Parameter Problem messages.
to disable forwarding of ICMP fragments.
to specify the source address for outgoing ICMP packets.
to remove the specified source address for outgoing ICMP packets.
23
to enable forwarding of ICMP fragments.
Advertisement
Chapters
Table of Contents
