On Fri, 2003-08-29 at 00:15, [EMAIL PROTECTED] wrote:
> ** Reply to note from Glen Turner <[EMAIL PROTECTED]> Thu, 28 Aug 2003 13:39:20 +0930
> > Fellas, how about using rate limiting. Linux has marvellous
> > QoS features, enough to allow a few ICMP ECHOs for fault
> > diagnosis but to deny a ping flood.
>
> where/how to do so ?

The rule says if you're coming in at a rate that's less than the limit of 10 per minute, you're accepted. Of course you'd follow it with another rule dropping everything.

iptables -A INPUT -s BADPEOPLE -p icmp --icmp-type echo-request -m limit --limit 10/minute --limit-burst 2 -j ACCEPT

Mike
__________________________________________________________________________
Mike MacCana
Consultant
RHCE, MCSE, MCP+I
Cybersource: Providing Quality IT Professional Services for 11 Years
Specialists in Unix/Linux, TCP/IP and Web Application Development
Level 4, 10 Queen St, Melbourne.
Ph : 03 9621 2377 Fax: 03 9621 2477
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
