Am 07.09.22 um 17:57 schrieb Tom:
Now I'm confused. I'd like to avoid ping floods if possible
but that makes no sense when doing more harm than good - the knee-jerk
reaction kill all icmp is a problem for decades even on IPv4 but will no
longer work with IPv6
but I can't
seem to get the syntax right, so:
enable ping6 rate limiting without crippling icmpv6, please do!
one of the responses contained "Please use 'icmpv6 type { echo-request,
echo-reply}'"
why do you make all that so complicated instead write a simple ratelimit
rule for ping apply to everyone and *before* have a set which ACCEPTs a
specific list of ip's if that's needed at all
"I'd like to avoid ping floods if possible" don't scale at all with a
manually maintained list of source ips and i can't think of anybody with
a justification of more than 5 pings per second
