- 04-08-2010 #1
iptables and limit module
Hi all! I'm new in the forum, and I'm a newbie in the world of netfilter/iptables.
I've read an article about iptables and the rate limit module:
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
I want ping google.com in this way:
The kernel firewall permits sending the first 5 packets to google.com (--limit-burst 5) and then blocks the remaining packets for 5 minutes. At the sixth minute (because I wish a rate limit equal to 1/minute: --limit 1/minute) one packet can be sent to google again. And so on.
So my rule should be:
iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
ping -f url_of_google
But it doesn't work...
What am I doing wrong?
PS: in the man pages of ping we read (about the -f option):
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.
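Added example (not part of the original thread, and not the kernel's own xt_limit code): a small user-space model of how the limit match's token bucket and iptables rule fall-through interact. It walks a constructed `ping -f` packet stream (100 echo requests per second) through two chains: the rule exactly as posted, alone in an OUTPUT chain whose policy is ACCEPT, and the same rule followed by an unconditional DROP for the same traffic. The credit/cost bookkeeping mirrors the idea used by xt_limit; packet timestamps, the 125-second window and the rule targets are all constructed here for illustration.

```python
"""Model of netfilter's `-m limit` token bucket plus iptables rule fall-through.
User-space simulation written for this thread; it follows the credit/cost idea of
xt_limit but is not the kernel code."""

# --limit time units, expressed in milliseconds per unit.
UNIT_MS = {"second": 1_000, "minute": 60_000, "hour": 3_600_000, "day": 86_400_000}


class LimitMatch:
    """Token bucket: `burst` tokens to start with, one token earned every
    `cost_ms` milliseconds, one token spent per successful match."""

    def __init__(self, limit: str, burst: int):
        count, unit = limit.split("/")            # e.g. "1/minute"
        self.cost_ms = UNIT_MS[unit] // int(count)
        self.credit_cap = burst * self.cost_ms    # bucket holds at most `burst` tokens
        self.credit = self.credit_cap             # bucket starts full (the initial burst)
        self.prev_ms = 0

    def matches(self, now_ms: int) -> bool:
        # earn credit for the time elapsed since the previous packet, capped at the burst size
        self.credit = min(self.credit + (now_ms - self.prev_ms), self.credit_cap)
        self.prev_ms = now_ms
        if self.credit >= self.cost_ms:
            self.credit -= self.cost_ms           # spend one token: the rule matches
            return True
        return False                              # bucket empty: match fails, next rule is tried


def run_chain(packet_times_ms, rules, policy):
    """Walk each packet through `rules` (list of (match or None, target));
    the first rule whose match succeeds gives the verdict, otherwise the chain policy does."""
    verdicts = []
    for t in packet_times_ms:
        verdict = policy
        for match, target in rules:
            if match is None or match.matches(t):
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts


def flood_ping(seconds: int, per_second: int = 100):
    """Constructed packet stream: `ping -f` sends at least 100 echo requests per second."""
    return list(range(0, seconds * 1000, 1000 // per_second))


def accepted_indices(verdicts):
    """Positions (packet numbers) in the stream that were accepted."""
    return [i for i, v in enumerate(verdicts) if v == "ACCEPT"]


def scenario_accept_only(seconds: int = 125):
    """The posted rule on its own, in an OUTPUT chain whose policy is ACCEPT."""
    rules = [(LimitMatch("1/minute", burst=5), "ACCEPT")]
    return run_chain(flood_ping(seconds), rules, policy="ACCEPT")


def scenario_accept_then_drop(seconds: int = 125):
    """The same limited ACCEPT rule followed by an unconditional DROP for that traffic."""
    rules = [(LimitMatch("1/minute", burst=5), "ACCEPT"), (None, "DROP")]
    return run_chain(flood_ping(seconds), rules, policy="ACCEPT")


if __name__ == "__main__":
    for name, fn in (("ACCEPT only", scenario_accept_only),
                     ("ACCEPT then DROP", scenario_accept_then_drop)):
        v = fn()
        secs = [i * 10 / 1000 for i in accepted_indices(v)[:8]]
        print(f"{name}: {v.count('ACCEPT')} accepted, {v.count('DROP')} dropped;"
              f" first accepted at {secs} s")
```

With only the limited ACCEPT rule, every packet whose match fails simply falls through to the chain policy and is still sent, so nothing is throttled; with a DROP rule behind it, the first five packets go out immediately and then one packet per minute (at 60 s and 120 s in this stream). That also shows the bucket refilling continuously at the configured rate rather than pausing for a fixed number of minutes.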
- 04-08-2010 #2
Shouldn't you use echo-reply instead of echo-request?
echo-request is for incoming pings
echo-reply is for outgoing pings
At least for iptables...
- 04-10-2010 #3