Talk:Simple ruleset for a server

From nftables wiki
Revision as of 21:46, 12 July 2022 by Fmyhr (talk | contribs) (Created page with "== Ping flood from single IP address not rate-limited by this ruleset == As [https://marc.info/?t=165710014500005&r=1&w=2 reported] in the netfilter mailing list, if the ping...")

Ping flood from single IP address not rate-limited by this ruleset

As reported in the netfilter mailing list, if the ping rules in inbound_ipv4 and inbound_ipv6 are uncommented, the ct accept rule in the inbound chain accepts all pings from a single IP address, regardless of the rate limit in the ping rules. If ping floods from a single IP address are of concern in your installation, you will need to modify this ruleset. One way to do so is suggested in the linked mailing list thread.
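The following is an added example, not part of the original comment or of the wiki's ruleset, and it is not claimed to be the fix proposed in the mailing list thread. It shows one way to close the gap by enforcing the ping limit before conntrack can accept the packet. The chain names follow the comment above; the table name, the 5/second rate and the surrounding rules are assumptions in a constructed, reduced ruleset.

```nftables
# Constructed, reduced ruleset for illustration (assumed table name and rates).
table inet firewall {

    chain inbound_ipv4 {
        # The rate limit is already enforced in "inbound", so a plain accept
        # is enough here for echo-requests that start a new conntrack entry.
        icmp type echo-request accept
    }

    chain inbound_ipv6 {
        # Neighbour discovery must stay reachable or IPv6 connectivity breaks.
        icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
        icmpv6 type echo-request accept
    }

    chain inbound {
        type filter hook input priority 0; policy drop;

        # Local traffic is accepted first so the limit below never affects it.
        iifname lo accept

        # Added: drop echo-requests above the limit BEFORE the ct rule.
        # Conntrack tracks an ICMP echo exchange as a flow, so after the first
        # reply every further echo-request with the same source and ICMP id is
        # "established" and would be accepted below without reaching the
        # per-family ping rules. This limit is global, not per source address.
        icmp type echo-request limit rate over 5/second drop
        icmpv6 type echo-request limit rate over 5/second drop

        # The ct accept rule the comment refers to (assumed form).
        ct state vmap { established : accept, related : accept, invalid : drop }

        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }

        # Assumed service ports.
        tcp dport { 22, 80, 443 } accept
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`.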