On Mon, Jul 16, 2007 at 06:51:34PM +0200, Michele Petrazzo - Unipex srl wrote: > Hi all, > I'm on debian etch with the default kernel (iptables 1.3.6 and 2.6.18). > > I'm trying the limit extension, but the invert flag doesn't work like > the man page say: > """ > iptables -t filter -A FORWARD -m mark --mark 2 -p icmp --icmp-type 8 -m > limit ! --limit 20/min -j ACCEPT > iptables v.1.3.6: limit does not support invert > """ > What I want it's to "limit" the log for icmp protocol to 20/minute > Is that what you are looking for : iptables -A FORWARD -p icmp --icmp-type echo-request -m mark --mark 2 -j ACCEPT iptables -A FORWARD -p icmp -m limit --limit 20/min -j LOG_ICMP -- Franck Joncourt http://www.debian.org - http://smhteam.info/wiki/ GPG server : pgpkeys.mit.edu Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
Attachment:
signature.asc
Description: Digital signature
