From: Gordon R. <drg...@gm...> - 2006-11-14 14:38:43
You can see that your default policy is ACCEPT, so your rule:

> iptables -A FORWARD -p icmp -m limit --limit 1/m -j ACCEPT

will accept the packets in the limit, and if it is out of the limit the packet is accepted by the default policy.

> Chain FORWARD (policy ACCEPT)

Instead you can do:

iptables -A FORWARD -p icmp -m limit --limit 1/m -j ACCEPT
iptables -A FORWARD -p icmp -j DROP

Note that ping is not the only icmp packet which exists, so you might find it useful to add "--icmp-type echo-request" to both lines.

best of luck
G.
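The fall-through described in the message above, as an added example that is not part of the original post: a simplified Python model of FORWARD-chain traversal, not netfilter code. It assumes the limit match behaves as a token bucket with its default `--limit-burst` of 5; the names `Limit`, `traverse` and `run` are hypothetical, and the ping timings are constructed.

```python
# Added illustration: simplified model of chain traversal, not netfilter code.
from dataclasses import dataclass, field


@dataclass
class Limit:
    """Token-bucket model of `-m limit --limit 1/m` (default --limit-burst is 5)."""
    interval: float = 60.0      # seconds needed to earn one token at 1/m
    burst: int = 5              # bucket size
    tokens: float = field(init=False)
    last: float = 0.0           # time of the previous packet seen by this rule

    def __post_init__(self):
        self.tokens = float(self.burst)

    def matches(self, now: float) -> bool:
        # Refill for the time elapsed, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) / self.interval)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False            # over the limit: the rule simply does not match


def traverse(rules, policy, proto, now):
    """Return the target of the first matching rule, else the chain policy."""
    for rule_proto, limit, target in rules:
        if rule_proto == proto and (limit is None or limit.matches(now)):
            return target
    return policy


def run(with_drop_rule, times):
    """Verdicts for ICMP packets arriving at `times`, chain policy ACCEPT."""
    rules = [("icmp", Limit(), "ACCEPT")]          # the rate-limited ACCEPT rule
    if with_drop_rule:
        rules.append(("icmp", None, "DROP"))       # explicit DROP for the excess
    return [traverse(rules, "ACCEPT", "icmp", t) for t in times]


if __name__ == "__main__":
    pings = list(range(10)) + [70]   # constructed: one per second, then one at t=70s
    print("limit rule only:", run(False, pings))
    print("limit + DROP   :", run(True, pings))
```

With only the limit rule every packet is accepted, because packets over the limit reach the ACCEPT policy. With the DROP rule appended, the initial burst passes and the excess is dropped until a token is refilled.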