Talk:Simple ruleset for a server

From nftables wiki

Ping flood from single IP address not rate-limited by this ruleset

As reported in the netfilter mailing list, if the ping rules in inbound_ipv4 and inbound_ipv6 are uncommented, the ct accept rule in the inbound chain accepts all pings from a single IP address, regardless of the rate limit in the ping rules. If ping floods from a single IP address are of concern in your installation, you will need to modify this ruleset. One way to do so is suggested in the linked mailing list thread.
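As an added illustration of the interaction described above (not the wiki's own ruleset and not the change proposed in the mailing-list thread): the first table shows why the ct rule accepts the flood, the second shows one possible rearrangement. Chain names follow the post; the rate, the interface handling and the table names are assumptions.

```nft
# Added example, not the wiki's own ruleset or the mailing-list patch.
# Chain names follow the talk post; everything else is assumed.
# The two tables are alternatives: load one or the other, never both.

# (a) Layout the post describes: the limit only ever sees the first request.
table inet filter_as_described {
    chain inbound_ipv4 {
        # Reached only for the first echo-request of a flood. Once the reply
        # has gone out, conntrack marks later requests with the same ICMP id
        # "established", and the ct rule in inbound accepts them before this
        # chain is jumped to, so the limit below never counts them.
        icmp type echo-request limit rate 5/second accept
    }
    chain inbound_ipv6 {
        icmpv6 type echo-request limit rate 5/second accept
    }
    chain inbound {
        type filter hook input priority 0; policy drop;
        # The "ct accept rule": short-circuits the rate limit for pings.
        ct state vmap { established : accept, related : accept, invalid : drop }
        iifname lo accept
        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }
    }
}

# (b) One possible change (an assumption, not necessarily what the mailing
# list proposed): drop echo-requests over the rate *before* the ct rule can
# accept them. Echo-replies to our own outgoing pings are unaffected, and
# the IPv6 neighbour-discovery rules can stay exactly as they were.
table inet filter_rate_limited {
    chain inbound_ipv4 {
        icmp type echo-request accept
    }
    chain inbound_ipv6 {
        icmpv6 type echo-request accept
    }
    chain inbound {
        type filter hook input priority 0; policy drop;
        # "limit rate over" matches the excess; the counter makes the drops
        # visible in `nft list ruleset` when testing with a fast ping.
        icmp type echo-request limit rate over 5/second counter drop
        icmpv6 type echo-request limit rate over 5/second counter drop
        ct state vmap { established : accept, related : accept, invalid : drop }
        iifname lo accept
        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }
    }
}
```

Whether the second layout is the right one for a given host still depends on the rest of the ruleset; the point is only that any per-packet rate limit on echo-request has to sit ahead of the rule that accepts established conntrack entries.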