Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] Question on iptables
- From: Praise <praisetazio@xxxxxxxxxxxxx>
- Date: Tue, 27 Nov 2001 18:46:44 +0100
- Message-id: <20011127174650.EKHG3006.fep21-svc.tin.it@there>
> > for some reasons I would like to reject with a icmp source-quench.
> > I have tried this:
> > iptables -t filter -A LIMIT -m limit --limit 1/sec -j REJECT
> > --reject-with \ icmp-source-quench
> >
> > The problem is that it does not know nothing about icmp-source-quench...
> > what is the right reject?
>
> try this:
>
> iptables -t filter -p icmp --icmp-type source-quench -j REJECT
>
> With -p icmp --icmp-type .... you can determine, which types you want to
> reject or allow.
>
Hi,
I knew this:-)
I did not want to limit icmp source quench, I want to send them in response
of some packets. The reason is obvious: I am trying to limit bandwidth to
some pc in the internal network.
AFAIK, the cbq script is not useful for me, because I want to limit bandwidth
on user basis and on internal lan network basis. I am not sure if this
turnaround with iptables could work very well, I am trying to check (even if
I dont see why it should not work).
Thank you for your reply, though.
Praise
> > I have tried this:
> > iptables -t filter -A LIMIT -m limit --limit 1/sec -j REJECT
> > --reject-with \ icmp-source-quench
> >
> > The problem is that it does not know nothing about icmp-source-quench...
> > what is the right reject?
>
> try this:
>
> iptables -t filter -p icmp --icmp-type source-quench -j REJECT
>
> With -p icmp --icmp-type .... you can determine, which types you want to
> reject or allow.
>
Hi,
I knew this:-)
I did not want to limit icmp source quench, I want to send them in response
of some packets. The reason is obvious: I am trying to limit bandwidth to
some pc in the internal network.
AFAIK, the cbq script is not useful for me, because I want to limit bandwidth
on user basis and on internal lan network basis. I am not sure if this
turnaround with iptables could work very well, I am trying to check (even if
I dont see why it should not work).
Thank you for your reply, though.
Praise
| < Previous | Next > |