Skip to content
Snippets Groups Projects
Commit ccb6462d authored by ale's avatar ale
Browse files

set a rate limit for incoming ICMP echo request packets

parent 47636463
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 4 additions and 2 deletions
firewall
+ 4
2
View file @ ccb6462d
...@@ -179,8 +179,10 @@ generate_filter() { ...@@ -179,8 +179,10 @@ generate_filter() {
# Enable 6to4 protocols. # Enable 6to4 protocols.
add_rule -A base-input -p ipv6 -j ACCEPT add_rule -A base-input -p ipv6 -j ACCEPT
# Allow useful ICMPs. # Allow useful ICMPs (but rate-limit incoming echo requests).
for icmptype in 3 4 8 11 12 ; do add_rule4 -A base-input -p icmp -m icmp --icmp-type 8 -m limit \
--limit 3/s -j ACCEPT
for icmptype in 3 4 11 12 ; do
add_rule4 -A base-input -p icmp -m icmp \ add_rule4 -A base-input -p icmp -m icmp \
--icmp-type ${icmptype} -j ACCEPT --icmp-type ${icmptype} -j ACCEPT
done done
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment