Hello, It seems like the original problem is related to the following iptables rule in the filter:
-A INPUT -m state --state ESTABLISHED -j ACCEPT If the rule is present, even after the icmp rule, the limit is not working. Example of not working config (ICMP rate will not be limited): # Generated by iptables-save v1.4.14 on Wed Jul 10 19:27:58 2013 *raw :PREROUTING ACCEPT [15528:1015871] :OUTPUT ACCEPT [14791:1250149] -A PREROUTING -p icmp -j TRACE -A OUTPUT -p icmp -j TRACE COMMIT # Completed on Wed Jul 10 19:27:58 2013 # Generated by iptables-save v1.4.14 on Wed Jul 10 19:27:58 2013 *filter :INPUT DROP [57:9652] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2421:151014] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT -A INPUT -p tcp -j ACCEPT -A INPUT -m state --state ESTABLISHED -j ACCEPT COMMIT # Completed on Wed Jul 10 19:27:58 2013 If the rule "-A INPUT -m state --state ESTABLISHED -j ACCEPT" is not present, the limit is working. Could you please advise, how to proceed ? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
