Hello,
thanks for the reply.
Your rule clearly shows that the other (not matched by the 1/s rule)
ICMP packets are being considered as ESTABLISHED. I do not understand why.
From http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html:
ESTABLISHED
A packet
On Wed, Jul 10, 2013 at 1:30 PM, podo p...@hnup.de wrote:
:INPUT DROP [57:9652]
Note: any packets that have not been sent elsewhere get dropped at the
end of the chain
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2421:151014]
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
Hello,
It seems like the original problem is related to the following iptables rule
in the filter:
-A INPUT -m state --state ESTABLISHED -j ACCEPT
If the rule is present, even after the icmp rule, the limit is not working.
Example of a non-working config (ICMP rate will not be limited):
#