Difference between revisions of "Talk:Simple ruleset for a server"

From nftables wiki

Latest revision as of 22:46, 12 July 2022

Ping flood from single IP address not rate-limited by this ruleset

As reported in the netfilter mailing list (https://marc.info/?t=165710014500005&r=1&w=2), if the ping rules in inbound_ipv4 and inbound_ipv6 are uncommented, the ct accept rule in the inbound chain accepts all pings from a single IP address, regardless of the rate limit in the ping rules. If ping floods from a single IP address are of concern in your installation, you will need to modify this ruleset. One way to do so is suggested in the linked mailing list thread.
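
One possible reordering, shown as an added example that is taken neither from the wiki ruleset nor from the linked thread: the echo-request limit is evaluated in the inbound chain before the ct rule, so it applies whatever the conntrack state. The chain names follow this talk page; the table name, the 5/second rate and the remaining rules are assumptions.

```nft
# Added example, not the wiki's ruleset. Table name, rate and the rules
# other than the ping handling are assumed for illustration.
table inet filter {
    chain inbound_ipv4 {
        # Only packets the ct rule did not already accept get here, so a
        # limit placed in this chain never sees pings that conntrack has
        # classified as established. The rate check is done in "inbound".
        icmp type echo-request accept
    }

    chain inbound_ipv6 {
        # Neighbour discovery has to stay reachable for IPv6 to work.
        icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
        icmpv6 type echo-request accept
    }

    chain inbound {
        type filter hook input priority 0; policy drop;

        # Police echo-requests BEFORE the conntrack shortcut: anything over
        # the rate is dropped here regardless of its ct state.
        # Each limit is one token bucket shared by all source addresses.
        icmp type echo-request limit rate over 5/second drop
        icmpv6 type echo-request limit rate over 5/second drop

        # Packets within the rate continue to the usual stateful shortcut.
        ct state vmap { established : accept, related : accept, invalid : drop }

        iifname "lo" accept
        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }
    }
}
```

Because the limit is shared, a flood from one address also consumes the ping budget of every other source; the syntax can be checked without loading it by running `nft -c -f <file>`.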