Package: iptables
Version: 1.4.8-3
Severity: normal

Hi all,

the rule limiting the number of ICMP packets is not working. Here is a part of the "iptables -L":

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 2/sec burst 5

It is the first rule in the chain. According to the description, this rule should allow ICMP packets, e.g. ICMP echo request to localhost, if the rate is below 2p/s. Otherwise the default DROP policy should be applied to the packets. This does not work; the rate of the ping request/reply is much higher than 2/s.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables depends on:
ii  libc6          2.11.2-6  Embedded GNU C Library: Shared lib
ii  libnfnetlink0  1.0.0-1   Netfilter netlink library

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information
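The behaviour the report expects from `limit: avg 2/sec burst 5` can be modelled as a token bucket and compared against observed ping counts. This is an added example, not part of the original report and not netfilter source code; the function names and packet timings are constructed for illustration.

```python
# Simplified token-bucket model of an iptables "limit" match.
# Added example: not netfilter code. All packet timings are constructed.

def limit_match(arrivals_ms, rate_per_sec=2, burst=5):
    """Return one boolean per packet: True if the limit match fires (ACCEPT).

    arrivals_ms: ascending packet arrival times in milliseconds.
    Credit is counted in milliseconds: one matching packet costs
    1000/rate ms of credit, the bucket starts full at burst * cost,
    refills by 1 per elapsed millisecond and is capped at the burst size.
    """
    cost = 1000 // rate_per_sec
    cap = burst * cost
    credit = cap
    last = arrivals_ms[0] if arrivals_ms else 0
    verdicts = []
    for t in arrivals_ms:
        credit = min(cap, credit + (t - last))   # refill since last packet
        last = t
        if credit >= cost:
            credit -= cost                       # packet matches the rule
            verdicts.append(True)
        else:
            verdicts.append(False)               # falls through to policy DROP
    return verdicts


def accepted_per_second(arrivals_ms, verdicts):
    """Count matching packets in each one-second window."""
    counts = {}
    for t, ok in zip(arrivals_ms, verdicts):
        if ok:
            counts[t // 1000] = counts.get(t // 1000, 0) + 1
    return counts


# Constructed input: echo requests every 100 ms (10 packets/s) for 3 seconds.
FAST = list(range(0, 3000, 100))
# Constructed input: echo requests once per second for 10 seconds.
SLOW = list(range(0, 10000, 1000))

if __name__ == "__main__":
    v = limit_match(FAST)
    print("10 pkt/s:", accepted_per_second(FAST, v), "of", len(FAST), "sent")
    print("1 pkt/s :", sum(limit_match(SLOW)), "of", len(SLOW), "accepted")
```

In this model a 10 packets/s stream gets the burst through in the first second and then settles at 2 accepted packets per second, while a 1 packet/s stream is never limited.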

