iptables

Wade Preston Shearer wadeshearer.lists at me.com
Thu Oct 21 08:58:11 MDT 2010


(sorry for the top post with no trim, I'm on a web client)

Would you recommend not rate-limiting ping? It's there because it was recommended to me if I remember correctly, not because I felt like it should be.


On Oct 21, 2010, at 07:55 AM, Stuart Jansen <sjansen at buscaluz.org> wrote:

On Thu, 2010-10-21 at 08:31 -0600, Kenneth Burgener wrote:
> Is there a logical reason why not to have it this way?

The nice thing about the tests I put at the top (-i lo and -p icmp) is
that they can be decided by just looking at the packet, no need to check
the state table before deciding. (Well, as long as you ignore the fact
that Wade is rate limiting ping.)

In addition, I like to also put the -i lo test first just to make sure I
don't forget it. It's pretty important for a Linux system to be able to
talk to itself.


/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/

