> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of /dev/rob0
> Sent: Wednesday, October 26, 2005 11:56 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Allowing ping
>
> I think a reasonable --limit is not a bad idea, but there is no
> objective measurement of "better". I use a --limit on incoming ping
> requests. It might help in the event of a flood ping attack, and you
> can still ping to verify your connectivity when you need it.

I believe it marginally helps during an attack. If you're DDOS, the
packets are still reaching your NIC so you're kinda hosed anyway.

---
Pablo Sanchez - Blueoak Database Engineering, Inc
Ph: 819.459.1926
Toll free: 888.459.1926
Cell: 819.664.9118
Pgr: pablo_p@xxxxxxxxxxxxx
Fax: 603.720.7723 (US)
Fax: 514.371.1255 (Canada)
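
The `--limit` behaviour discussed in this thread, as an added example that is not part of the original messages: a small model of the token bucket behind the iptables `limit` match, run over constructed traffic to show what a rate-limited ping rule accepts during a flood and when the link is quiet. The names `LimitMatch`, `simulate` and `demo`, the 1/second rate, the burst of 5 and the traffic pattern are all assumptions made for illustration.

```python
# Added example: integer token bucket modelled on iptables' "-m limit" match.
# Rate, burst and the traffic pattern are assumptions chosen for illustration.
US = 1_000_000  # microseconds per second; also the cost of one packet in credits


class LimitMatch:
    """Models --limit <rate>/second --limit-burst <burst>."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.cap = burst * US
        self.credits = self.cap      # bucket starts full
        self.last_us = 0

    def matches(self, now_us):
        # Refill for the elapsed time, capped at the burst size.
        self.credits = min(self.cap, self.credits + (now_us - self.last_us) * self.rate)
        self.last_us = now_us
        if self.credits >= US:
            self.credits -= US
            return True              # rule matches, e.g. -j ACCEPT
        return False                 # packet falls through to the next rule


def simulate(arrivals_us, rate_per_sec=1, burst=5):
    """Return the arrival times (in microseconds) that the limit rule accepted."""
    rule = LimitMatch(rate_per_sec, burst)
    return [t for t in sorted(arrivals_us) if rule.matches(t)]


def demo():
    # Constructed traffic: 10 s of echo-requests at 1000/s from a flood,
    # plus one operator ping per second, offset by 500 us.
    flood = [i * 1000 for i in range(10_000)]
    operator = {s * US + 500 for s in range(10)}
    accepted = simulate(flood + list(operator))
    operator_ok = [t for t in accepted if t in operator]
    quiet = simulate(operator)       # same pings with no flood
    return len(accepted), len(operator_ok), len(quiet)


if __name__ == "__main__":
    print(demo())
```

The match keeps one shared bucket and does not tell sources apart, so in this model the flood uses up the allowance and the operator's own pings are dropped along with it, while the same pings all pass on a quiet link.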