On Wed, Jul 6, 2022 at 12:26 PM Frank Myhr <fmyhr@xxxxxxxxxxx> wrote:

> * I agree that your modifications will counter a single-ip ping flood
> attack. Whether that attack is significant compared with, say, DDoS ping
> floods or attacks against other services, will depend on the particulars
> of your installation. If the single-ip ping flood *is* a big concern, it
> may be better to use a different ruleset construction with icmp in a
> dedicated chain.

The discussion about the netfilter/conntrack approach is really not at my level, but regarding the attack scenario, it's more of a total packets issue. If each source is allowed to send unlimited (let's say 100) packets, then the attack could ramp at 100*5 packets per second, so after 60 minutes it could be at 1.8M packets/s.

This is the limit of my knowledge about any of this :D I just tried to get this configuration working for me.

Thanks