ICMP floods

Hey everyone!
I'm trying to create a proper ICMP chain that will block ICMP flooding
by viruses and DoS attacks. Would the ruleset below be sufficient?
I can't simulate the exact ICMP flooding, so I'm only assuming that
limiting the ICMP burst to 10/sec and limiting it to 5/sec.

Any input is appreciated!!

#####################
#####ICMP CHAINS#####
#####################
/sbin/iptables -N ICMP
/sbin/iptables -F ICMP
/sbin/iptables -A ICMP -m limit -p ICMP -i eth2 --limit 1 --limit-burst 10
/sbin/iptables -A ICMP -m limit -p ICMP -i eth1 --limit 1 --limit-burst 10
/sbin/iptables -A ICMP -m limit -p ICMP -i eth0 --limit 1 --limit-burst 10
/sbin/iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/iptables -A ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
/sbin/iptables -A ICMP -p icmp --icmp-type source-quench -j ACCEPT
/sbin/iptables -A ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
#/sbin/iptables -A ICMP -p icmp --icmp-type echo-request  -j ACCEPT
/sbin/iptables -A ICMP -p icmp --icmp-type echo-request -m limit --limit 5/second  -j ACCEPT
/sbin/iptables -A ICMP -p icmp -j LOG --log-level 5 --log-prefix "ICMP DROP: "
/sbin/iptables -A ICMP -p icmp -j DROP


regards
edmund
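
An offline way to see what the echo-request rule above would do under load, added here as an example that is not part of the original post: it models the documented token-bucket behaviour of `-m limit` (`--limit 5/second`, default `--limit-burst` of 5) and runs it over constructed packet timestamps. The names `LimitMatch` and `simulate` are hypothetical, and this is a model of the match, not the kernel's own code.

```python
from fractions import Fraction


class LimitMatch:
    """Token bucket modelled on the documented behaviour of '-m limit':
    up to `burst` packets match at once, then one credit is regained
    every 1/rate seconds, never exceeding `burst`."""

    def __init__(self, rate_per_sec, burst=5):
        self.rate = Fraction(rate_per_sec)
        self.burst = Fraction(burst)
        self.tokens = Fraction(burst)   # bucket starts full
        self.last = None                # time of the previous packet

    def matches(self, now):
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True                 # rule matches -> -j ACCEPT
        return False                    # falls through to LOG and DROP


def simulate(pps, seconds, rate_per_sec, burst=5):
    """Feed a constant stream of echo-requests (constructed timestamps,
    exact fractions to avoid float drift) and return (accepted, dropped)."""
    limit = LimitMatch(rate_per_sec, burst)
    total = pps * seconds
    accepted = sum(1 for i in range(total) if limit.matches(Fraction(i, pps)))
    return accepted, total - accepted


if __name__ == "__main__":
    # Constructed traffic profiles, 10 seconds each.
    for label, pps in (("normal ping, 1 pps", 1),
                       ("constructed flood, 1000 pps", 1000)):
        ok, dropped = simulate(pps, 10, rate_per_sec=5)
        print(f"{label}: accepted={ok} dropped={dropped}")
```

In the chain as posted, the three `-m limit` rules for eth0, eth1 and eth2 carry no `-j` target, so they only increment counters; the echo-request rule modelled here is the one that decides the verdict. The limit match keeps one bucket per rule, shared by all senders.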


