Re: proper ICMPv6 syntax for specific daddr

On 08.09.22 at 15:31, Tom wrote:
> On 2022-09-08 04:46, Reindl Harald wrote:
>> why do you make all that so complicated instead of writing a simple ratelimit rule for ping that applies to everyone and *before* it have a set which ACCEPTs a specific list of IPs, if that's needed at all
>
> OK, sounds good. Perhaps you're under the mistaken impression I'm an NFT expert. Clearly I'm not. Perhaps you could suggest a resource where I might find examples which solve my problem. Better yet, you could provide a practical example. It would be appreciated.

in a ruleset any rule which is final (DROP, REJECT, ACCEPT) skips anything below

so you have a chain where you send only ICMP, write the specific rules first and at the very end the "everything else" decision, no matter if it's ACCEPT/DROP/REJECT

i use iptables-nft because i hate the new syntax and have thousands of lines in scripts to configure and display the status of rulesets - but the principles are the same for every firewall
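
The ordering described in this message, written in native nftables syntax as an added example that is not part of the original post or thread. The table, chain and set names, the 2001:db8:: documentation addresses and the 5/second rate are assumptions; neighbor discovery and ICMPv6 error types are accepted ahead of the final drop because IPv6 stops working without them.

```nft
# Added example; names, addresses and rates are constructed placeholders.
table inet filter {
    # Hosts that may ping without being rate limited (constructed addresses).
    set ping6_allow {
        type ipv6_addr
        elements = { 2001:db8::10, 2001:db8::20 }
    }

    # Only ICMPv6 is sent here. The first matching final verdict wins,
    # so specific rules come first and the catch-all comes last.
    chain icmp6_in {
        # 1. Specific exception: allow-listed sources, no limit.
        icmpv6 type echo-request ip6 saddr @ping6_allow accept

        # 2. Everyone else: accept pings up to the rate limit ...
        icmpv6 type echo-request limit rate 5/second burst 10 packets accept
        # ... and drop whatever exceeds it.
        icmpv6 type echo-request drop

        # 3. Types IPv6 needs to function (neighbor discovery, PMTU, errors).
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # 4. "Everything else" decision, always the last rule.
        drop
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept

        # Hand all ICMPv6 to the dedicated chain above.
        meta l4proto ipv6-icmp jump icmp6_in
    }
}
```

Running `nft -c -f <file>` checks the syntax without loading the rules; swapping rules 1 and 2 would make the allow-listed hosts subject to the rate limit, which is the ordering effect the message describes.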


