Re: [uml-user] A question on iptables

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

You can see that your default policy is ACCEPT, so your rule:

> iptables -A FORWARD -p icmp  -m limit --limit 1/m -j ACCEPT

will accept the packets in the limit, and if it is out of the limit
the packet is accepted
by the default policy.

> Chain FORWARD (policy ACCEPT)

Instead you can do:
iptables -A FORWARD -p icmp  -m limit --limit 1/m -j ACCEPT
iptables -A FORWARD -p icmp  -j DROP

Note that ping is not the only icmp packet which exists, so you might
find it useful
to add "--icmp-type echo-request" to both lines.

best of luck
G.