Firmware <=1.7.2, the LED status daemon ICMP ping floods public DNS servers. Bug Report 1.8.0 beta 2 will instead use the configured gateway, which you can download here. Or you can simply turn off the LED status daemon.
/bin/sh /etc/init.d/S23led stop
Firmware <=1.7.1, had two daemons (CONNMAND and NTP) trying to sync time, which would both bombard NTP servers, resulting in a NTP server responding with KOD or stop responding at all. CONNMAND does not honor KOD or rate limiting. Bug Report 1.7.2 disables CONNMAND trying to sync time, resulting in only NTP. You can force NTP to use a custom NTP server vs the default public NTP servers. Example:
echo "server 192.168.69.5 iburst minpoll 6 maxpoll 8" > /etc/ntp.conf
I put both commands in a /etc/kvmd/user/scripts/S10_icmp_ntp.sh executable script so that it persists on reboot or firmware upgrade. Just make sure the script has execute permissions.
chmod a+x {filename}
I took it a step further to block the RM1 from all non-LAN traffic. It does mean you will not be able use their app to remotely connect, use Tailscale, or perform firmware upgrades without manually downloading the firmware and performing a local upgrade. Example:
# Stop DNS ping flood
/bin/sh /etc/init.d/S23led stop
# Block ICMP
iptables -I OUTPUT 1 -p icmp --icmp-type echo-request -j DROP
# Allow LAN
iptables -I OUTPUT 2 -s 192.168.69.60 -d 192.168.69.0/24 -j ACCEPT
# Block everything else
iptables -I OUTPUT 3 -s 192.168.69.60 -j DROP