Daniel Givens wrote:
On 3/23/06, Pablo <paa-listas@argentina.com> wrote:

Can this work: iptables -A INPUT -p icmp -m limit --limit 3/hr -j DROP ; dropping only 3 pings per hour?

You first set the limit of how many you want to accept, then once that limit is passed, it goes to the next rule, which is to drop it. The original message asked how to limit the pings to only three allowed and then the rest blocked. Your rule blocks the first three and, provided you have the policy set to allow, allows the rest.

~Daniel

# Allow outgoing echo requests
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
# Log, then reject, echo requests whose length matches 128:65535
iptables -A INPUT -p icmp --icmp-type 8 -m length --length 128:65535 -j LOG --log-level debug --log-prefix IP"ICMP Oversize:"
iptables -A INPUT -p icmp --icmp-type 8 -m length --length 128:65535 -j REJECT #--reject-with icmp-host-prohibited
# Accept the remaining echo requests at a rate of 3 per second
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 3/s -j ACCEPT
# Log, then reject, ICMP fragments
iptables -A INPUT -p icmp -f -j LOG --log-prefix "ICMP Fagment:"
iptables -A INPUT -p icmp -f -j REJECT

This is a good solution for filtering ICMP. I use it and it is working fine. It allows only 3 pings per second and the ICMP packet size is maximum 128.
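
The rule-order point discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the `-m limit` token bucket, run over constructed ping timestamps. It assumes `--limit-burst 3` to match the thread's numbers (iptables defaults to 5); the class and function names are made up for the illustration.

```python
class LimitMatch:
    """Simplified model of iptables '-m limit' (a token bucket)."""

    def __init__(self, rate_per_sec, burst=5):  # 5 is the default --limit-burst
        self.rate = rate_per_sec
        self.burst = burst
        self.credit = float(burst)  # bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the time elapsed, capped at the burst size.
        self.credit = min(self.burst, self.credit + (now - self.last) * self.rate)
        self.last = now
        if self.credit >= 1.0:
            self.credit -= 1.0  # each matched packet spends one credit
            return True
        return False  # over the limit: the rule does NOT match


def run_chain(rules, policy, arrival_times):
    """First matching rule decides; otherwise the chain policy applies."""
    verdicts = []
    for t in arrival_times:
        verdict = policy
        for match, target in rules:
            if match is None or match.matches(t):
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts


def limit_then_drop(times):
    # Models: -m limit --limit 3/hour -j DROP, with chain policy ACCEPT
    return run_chain([(LimitMatch(3 / 3600, burst=3), "DROP")], "ACCEPT", times)


def limit_accept_then_drop(times):
    # Models: -m limit --limit 3/hour -j ACCEPT, followed by an unconditional DROP
    rules = [(LimitMatch(3 / 3600, burst=3), "ACCEPT"), (None, "DROP")]
    return run_chain(rules, "DROP", times)


# Constructed input: ten pings, one per second.
PINGS = [float(i) for i in range(10)]

if __name__ == "__main__":
    print("limit -> DROP  :", limit_then_drop(PINGS))
    print("limit -> ACCEPT:", limit_accept_then_drop(PINGS))
```

With the limit attached to DROP, the packets that fit within the limit are the ones dropped and everything over it falls through to the policy; with the limit attached to ACCEPT and a DROP after it, the outcome is inverted.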