On October 14, 2003 11:54 pm, Edmund Turner wrote:
> Hey everyone!
> I'm trying to create a proper ICMP chain that will block ICMP flooding
> by viruses and DoS attacks. Would the ruleset below be sufficient?
> I can't simulate the exact ICMP flooding, so I'm only assuming that
> limiting the ICMP burst to 10/sec and limiting it to 5/sec.
>
> Any input is appreciated!!
>
> #####################
> #####ICMP CHAINS#####
> #####################
> /sbin/iptables -N ICMP
> /sbin/iptables -F ICMP
> /sbin/iptables -A ICMP -m limit -p ICMP -i eth2 --limit 1 --limit-burst 10
> /sbin/iptables -A ICMP -m limit -p ICMP -i eth1 --limit 1 --limit-burst 10
> /sbin/iptables -A ICMP -m limit -p ICMP -i eth0 --limit 1 --limit-burst 10
> /sbin/iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
> /sbin/iptables -A ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
> /sbin/iptables -A ICMP -p icmp --icmp-type source-quench -j ACCEPT
> /sbin/iptables -A ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
> #/sbin/iptables -A ICMP -p icmp --icmp-type echo-request -j ACCEPT
> /sbin/iptables -A ICMP -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT

The limit rule above will never be used as the packets are already accepted by the rule above it.

> /sbin/iptables -A ICMP -p icmp -j LOG --log-level 5 --log-prefix "ICMP DROP: "
> /sbin/iptables -A ICMP -p icmp -j DROP
>
>
> regards
> edmund

-- 
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS

Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!
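To make the ordering point in the reply concrete, here is an added model (not from the thread, and not iptables itself) of first-match chain traversal with the `limit` match approximated as a token bucket: an unconditional ACCEPT for echo-request placed ahead of the rate-limited ACCEPT means the limit match is never even consulted, while removing it caps a 20-packet-per-second flood at the burst plus the configured rate. The constructed traffic, the millisecond clock, and the default `--limit-burst` of 5 are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Limit:
    """Token bucket standing in for `-m limit --limit R/second --limit-burst B`."""
    rate: float                  # tokens refilled per second
    burst: int                   # bucket capacity; the bucket starts full
    tokens: float = field(init=False)
    last_ms: int = 0
    consulted: int = 0           # how often traversal even reached this match

    def __post_init__(self):
        self.tokens = float(self.burst)

    def matches(self, now_ms):
        self.consulted += 1
        refill = (now_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

@dataclass
class Rule:
    icmp_type: Optional[str]     # None matches any ICMP type
    target: Optional[str]        # None models a rule with no -j: count only, keep walking
    limit: Optional[Limit] = None

def walk(chain, pkt_type, now_ms):
    """First-match traversal; LOG is non-terminating, as in iptables."""
    for r in chain:
        if r.icmp_type not in (None, pkt_type):
            continue
        if r.limit is not None and not r.limit.matches(now_ms):
            continue
        if r.target not in (None, "LOG"):
            return r.target
    return "RETURN"

def echo_flood(chain, count=20, gap_ms=50):
    """Constructed traffic: echo-requests 50 ms apart (20/s); return verdict tallies."""
    verdicts = [walk(chain, "echo-request", i * gap_ms) for i in range(count)]
    return {v: verdicts.count(v) for v in set(verdicts)}

def build_chain(unconditional_accept_first):
    """Echo-request handling with the shadowing ACCEPT in front (True) or removed (False)."""
    lim = Limit(rate=5, burst=5)
    chain = [Rule("echo-request", "ACCEPT")] if unconditional_accept_first else []
    chain += [Rule("echo-request", "ACCEPT", lim), Rule(None, "LOG"), Rule(None, "DROP")]
    return chain, lim
```

With the shadowing rule in place every packet is accepted and `lim.consulted` stays 0; without it, 9 of the 20 packets pass (the burst of 5 plus one per 200 ms) and the rest fall through LOG to DROP.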