Re: ICMP floods

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Alistair Tonner wrote:
<Snip>

/sbin/iptables -A ICMP -p icmp --icmp-type source-quench -j ACCEPT
/sbin/iptables -A ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
#/sbin/iptables -A ICMP -p icmp --icmp-type echo-request  -j ACCEPT
^


/sbin/iptables -A ICMP -p icmp --icmp-type echo-request -m limit --limit
5/second  -j ACCEPT


The limit rule above will never be used as the packets are allready accepted by the rule above it.
<Snip>

It's commented out isn't it?

Cheers,
Michael


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux