Re: The limit module

To: debian-firewall@lists.debian.org
Subject: Re: The limit module
From: irvine@vuosaari.hai.fi
Date: Wed, 23 Oct 2002 20:31:18 +0300
Message-id: <[🔎] 20021023173118.GA4546@candy>
In-reply-to: <[🔎] 20021023035238.GA1257@candy>
References: <[🔎] 20021023035238.GA1257@candy>

On Wed, Oct 23, 2002 at 06:52:38AM +0300, iruum0lap@yahoo.co.uk wrote:
> Hei
> 
> Doesn't seem to work that way. Seems that all ping requests are logged - a bit 
> irritating as I have a friend who often leaves ping running and goes and
> does other stuff when he is testing the connection to this machine and the 
> logs get even more boring to read than normal. 
> 
> Am I missing something?

Hello all again

I have to apologise for the letter I wrote earlier. As I walked
to the bus-stop on my way to work I realised what I had done 
wrong.

Near the very top of the fw is the following:

    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Thus anything that is part of a connection will be accepted. The first
packet will hit the rule:

   $IPT -A INPUT -p icmp -s 0/0 --icmp-type 8 -m limit --limit 3/minute -j LOG --log-prefix "ping"

but all the following packets will never get to that rule but will
be accepted because they are part of an 'ESTABLISHED' connection.

Sorry!

t.irvine

Reply to:

References:
- The limit module
  - From: iruum0lap@yahoo.co.uk

Prev by Date: Re: The limit module
Next by Date: arp magic
Previous by thread: Re: The limit module
Next by thread: arp magic
Index(es):
- Date
- Thread