RE: limit option test with icmp


 



Thanks,
     Dunce cap for me.
 
-----Original Message-----
From: George Vieira [mailto:georgev@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Thu 8/28/2003 8:04 PM
To: Len L.
Cc:
Subject: RE: limit option test with icmp

You specified a limit but do nothing with it (i.e. no -j command). Rewrite it to something like this:
 
iptables -A INPUT -s xxx.xxx.xxx.xxx -p icmp -j ACCEPT  # Allow as much as you want
iptables -A INPUT -m limit -p icmp --limit +1/h --limit-burst 5 -j DROP # But drop most..
 
 
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd Systems Manager georgev AT citadelcomputer DOT com DOT au
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698 http://www.citadelcomputer.com.au
 
 
-----Original Message-----
From: Len L. [mailto:len@xxxxxxxxx]
Sent: Friday, August 29, 2003 10:29 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: limit option test with icmp

Hey guys,
    I must be missing something with the limit option.  I thought I would expand on my firewall by utilizing limits.  As a test I put in the following command:
 
iptables -A INPUT -m limit -p icmp --limit +1/h --limit-burst 5
iptables -A INPUT -s xxx.xxx.xxx.xxx -p icmp -j ACCEPT
iptables -A INPUT -s 0/0 -p icmp -j DROP
 
The intent was that I could ping from xxx.xxx.xxx.xxx and see only 6 pings succeed (5 burst and 1 per hour).
 
However, the remote ping just keeps on rolling along without a limit.
If I comment out the ACCEPT of xxx.xxx.xxx.xxx, pinging stops since it is dropped.
 
I am running Red Hat 9.0, kernel 2.4.20-20.9.
 
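As an added example (not from either poster), a small Python model of the limit match's token bucket and of the chain walk. It shows why a limit rule with no -j never affects the verdict, and how a limit rule that carries its own -j ACCEPT for the trusted host, followed by a DROP, yields the 5-burst-plus-1-per-hour behaviour the question was after. The source address 203.0.113.7 and the ping timings are constructed.

```python
from fractions import Fraction

# iptables accepts abbreviated units for --limit ("s", "min", "h", "d", ...).
_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

def parse_limit(spec):
    """Convert an iptables --limit value such as '1/h' or '3/min' to matches per second."""
    count, unit = spec.split("/")
    for name, seconds in _UNITS.items():
        if name.startswith(unit):
            return Fraction(int(count), seconds)
    raise ValueError(f"bad --limit unit: {unit}")

class LimitMatch:
    """Token bucket with '-m limit' semantics: the bucket starts full at --limit-burst
    tokens, refills at --limit, and a packet matches only while a token is available.
    Rational arithmetic keeps the model exact (educational model, not the kernel code)."""
    def __init__(self, limit, burst):
        self.rate, self.burst = parse_limit(limit), burst
        self.tokens, self.last = Fraction(burst), Fraction(0)

    def __call__(self, pkt):
        now = Fraction(pkt["t"])
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def src(addr):
    return lambda pkt: pkt["src"] == addr

def run_chain(rules, packets, policy="ACCEPT"):
    """Walk a chain for each packet. A rule is (matches, target); target None models a
    rule given without -j: its matches are evaluated, but the packet just continues."""
    verdicts = []
    for pkt in packets:
        verdict = policy
        for matches, target in rules:
            if all(m(pkt) for m in matches) and target is not None:
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts

# Constructed traffic: ten pings in the first ten seconds, then one at 1h and one at 1h+1s.
PINGS = [{"t": t, "src": "203.0.113.7"} for t in list(range(10)) + [3600, 3601]]

def original_chain():  # the posted rules: the limit rule has no -j, so every ping is ACCEPTed
    return [([LimitMatch("1/h", 5)], None), ([src("203.0.113.7")], "ACCEPT"), ([], "DROP")]

def limited_chain():  # -s 203.0.113.7 -m limit --limit 1/h --limit-burst 5 -j ACCEPT, then -j DROP
    return [([src("203.0.113.7"), LimitMatch("1/h", 5)], "ACCEPT"), ([], "DROP")]
```

Running `run_chain(limited_chain(), PINGS)` gives five ACCEPTs, five DROPs, one more ACCEPT when a token has refilled at the one-hour mark, and a DROP for the ping a second later.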
