--- lib/libc/gen/sysctl.3	(revision 272033)
+++ lib/libc/gen/sysctl.3	(working copy)
@@ -585,6 +585,7 @@ 
 .It Sy "Protocol	Variable	Type	Changeable"
 .It "icmp	bmcastecho	integer	yes"
 .It "icmp	maskrepl	integer	yes"
+.It "icmp	tstamprepl	integer	yes"
 .It "ip	forwarding	integer	yes"
 .It "ip	redirect	integer	yes"
 .It "ip	ttl	integer	yes"
@@ -598,6 +599,8 @@ 
 to be answered.
 .It Li icmp.maskrepl
 Returns 1 if ICMP network mask requests are to be answered.
+.It Li icmp.tstamprepl
+Returns 1 if ICMP timestamp requests are to be answered.
 .It Li ip.forwarding
 Returns 1 when IP forwarding is enabled for the host,
 meaning that the host is acting as a router.
--- sys/netinet/icmp_var.h	(revision 272033)
+++ sys/netinet/icmp_var.h	(working copy)
@@ -82,8 +82,9 @@ 
  */
 #define	ICMPCTL_MASKREPL	1	/* allow replies to netmask requests */
 #define	ICMPCTL_STATS		2	/* statistics (read-only) */
-#define ICMPCTL_ICMPLIM		3
-#define ICMPCTL_MAXID		4
+#define	ICMPCTL_ICMPLIM		3
+#define	ICMPCTL_TSTAMPREL	4
+#define	ICMPCTL_MAXID		5
 
 #ifdef _KERNEL
 SYSCTL_DECL(_net_inet_icmp);
--- sys/netinet/ip_icmp.c	(revision 272033)
+++ sys/netinet/ip_icmp.c	(working copy)
@@ -148,6 +148,10 @@ 
 	&VNET_NAME(icmpbmcastecho), 0,
 	"");
 
+static VNET_DEFINE(int, icmptstamprepl) = 1;
+#define	V_icmptstamprepl		VNET(icmptstamprepl)
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFLAG_RW,
+	&VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp requests");
 
 #ifdef ICMPPRINTFS
 int	icmpprintfs = 0;
@@ -541,6 +545,9 @@ 
 			goto reflect;
 
 	case ICMP_TSTAMP:
+		if (V_icmptstamprepl == 0)
+			break;
+
 		if (!V_icmpbmcastecho
 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
 			ICMPSTAT_INC(icps_bmcasttstamp);