[lug] IP Tables
Sean Reifschneider
jafo at tummy.com
Sat Sep 22 22:48:36 MDT 2007
On Sat, Sep 22, 2007 at 06:32:57PM -0600, Nate Duehr wrote:
>karl horlen wrote:
>>rule? if i could do that, i could at least limit the
>>bandwidth ping attacks consume on my pipe. I know it
Nope, the data has already consumed your traffic. You could only limit the
response on it. By the time you drop it, it's already consumed your
bandwidth.
>Like:
>
>/sbin/iptables -A INPUT -i eth0 -p icmp -m limit --limit 2/s -j ACCEPT
hashlimit is a nice module, it lets you specify the limit based on remote
host IP or network.
Thanks,
Sean
--
It would be interesting to be a squirel. They have the cute outfits... The
right kind can fly... -- Evelyn Mitchell, 1998
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
More information about the LUG
mailing list