Re: limit extension problem

On Mon, Jul 16, 2007 at 08:43:00PM +0200, Michele Petrazzo - Unipex srl wrote:

> I want to log only 20 forwarded pings per minute.
>
> iptables -A FORWARD -p icmp -m limit --limit 20/min -j LOG_ICMP
> iptables -A FORWARD -p icmp --icmp-type echo-request -m mark --mark 2 -j ACCEPT

iptables -A FORWARD -p icmp --icmp-type echo-request \
		-m limit --limit 20/min -j LOG_ICMP

In your first email, I thought you wanted to accept all echo-request
without logging, but log other icmp types.

What you wrote will log all icmp types, and not only echo-request.

Why are you playing with _mark_ in your rules?

-- 
Franck Joncourt
http://www.debian.org - http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
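
The difference between the two LOG_ICMP rules in this message, as an added example that is not part of the original thread: a simplified integer model of the limit match (20/min, with the iptables default --limit-burst of 5) run over constructed traffic. The traffic mix, the function names and the millisecond timestamps are assumptions made for the illustration.

```python
from collections import Counter

COST_MS = 60_000 // 20   # --limit 20/min: one token earned every 3000 ms
BURST = 5                # iptables default for --limit-burst

# Constructed traffic for one minute: 1 echo-request per second and
# 5 destination-unreachable per second, as (timestamp_ms, icmp_type).
TRAFFIC = (
    [(1000 * k + 250, "echo-request") for k in range(60)]
    + [(200 * k, "destination-unreachable") for k in range(300)]
)


def logged(packets, icmp_type=None):
    """Return the packets that would reach the LOG_ICMP chain.

    icmp_type=None models  '-p icmp -m limit --limit 20/min'.
    icmp_type set models   '-p icmp --icmp-type X -m limit --limit 20/min'.
    """
    cap = COST_MS * BURST
    credit, last, out = cap, 0, []   # the bucket starts full
    for ts, typ in sorted(packets):
        if icmp_type is not None and typ != icmp_type:
            # The earlier match failed, so the limit match is never
            # evaluated and no token is spent on this packet.
            continue
        credit = min(cap, credit + (ts - last))  # refill, capped at burst
        last = ts
        if credit >= COST_MS:
            credit -= COST_MS
            out.append((ts, typ))
    return out


def by_type(entries):
    """Count log entries per ICMP type."""
    return Counter(typ for _, typ in entries)


if __name__ == "__main__":
    print("-p icmp only:          ", dict(by_type(logged(TRAFFIC))))
    print("--icmp-type echo-request:",
          dict(by_type(logged(TRAFFIC, "echo-request"))))
```

Both rules write the same number of log lines, but without --icmp-type the budget is spent almost entirely on the other ICMP traffic.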
