Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Action after X amount of pings?

Sun Aug 18, 2013 2:04 pm

Hi

Can someone help me with this? I need a firewall rule that can add a source to an address-list after it got pinged an X amount of times, say for example 3 pings, put the address on the address-list.
 
dadaniel
Member Candidate
Posts: 158
Joined: Fri May 14, 2010 11:51 pm

Re: Action after X amount of pings?

Sun Aug 18, 2013 2:39 pm

Try this:

add chain=forward comment="allow 10 ICMP-requests per second per source IP" dst-limit=10,2,src-address protocol=icmp
add action=add-src-to-address-list address-list=icmpflooders address-list-timeout=60m chain=forward protocol=icmp
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Action after X amount of pings?

Sun Aug 18, 2013 3:26 pm

Try this:

add chain=forward comment="allow 10 ICMP-requests per second per source IP" dst-limit=10,2,src-address protocol=icmp
add action=add-src-to-address-list address-list=icmpflooders address-list-timeout=60m chain=forward protocol=icmp
thx
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Action after X amount of pings?

Sun Aug 18, 2013 4:06 pm

OK, I tested the rule. I changed the rules from forward to input, and after pinging the device 10 times or 100 times, it doesn't add anything to the address-list. Am I missing something?
 
efaden
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Action after X amount of pings?

Sun Aug 18, 2013 4:35 pm

OK, I tested the rule. I changed the rules from forward to input, and after pinging the device 10 times or 100 times, it doesn't add anything to the address-list. Am I missing something?

Make sure you're hitting the time threshold. ...
Last edited by efaden on Sun Aug 18, 2013 5:08 pm, edited 3 times in total.
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Action after X amount of pings?

Sun Aug 18, 2013 5:02 pm

OK, I tested the rule. I changed the rules from forward to input, and after pinging the device 10 times or 100 times, it doesn't add anything to the address-list. Am I missing something?

Make sure you're hitting the time threshold. ... it has to be more than 10 per second averaged over 2 seconds.
Ohh, I'm using a PC with the ping command to continuously ping the host; it's like 1 ping every second, right?
 
efaden
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Action after X amount of pings?

Sun Aug 18, 2013 5:05 pm

OK, I tested the rule. I changed the rules from forward to input, and after pinging the device 10 times or 100 times, it doesn't add anything to the address-list. Am I missing something?

Make sure you're hitting the time threshold. ... it has to be more than 10 per second averaged over 2 seconds.
Ohh, I'm using a PC with the ping command to continuously ping the host; it's like 1 ping every second, right?
Yeah... I forget the command line arguments, but there is a command line argument to set the rate.

I may have made a mistake in my last post... I don't remember if it is 10 per second averaged over 2 seconds or 10 per 2 seconds... either way you're not hitting the limit.
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Action after X amount of pings?

Sun Aug 18, 2013 5:43 pm

Sweet, it's working now. I changed the rate to 3min and burst to 1

:) thx guys
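
The interaction of the two rules discussed in this thread, as an added example that is not from any of the posters or from MikroTik: a Python model that assumes dst-limit acts as a per-source token bucket (refilled at the rate, capacity equal to the burst) and that rule 1 accepts what it matches, so only the excess reaches the add-src-to-address-list rule. The addresses, traffic patterns and the 3-per-minute setting are constructed.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float  # packets this source may still send within the limit
    last: float    # timestamp of the source's previous packet


def icmp_flooders(packets, rate_per_s, burst):
    """Return {src: time it was first put on the address list}.

    packets is a time-sorted list of (timestamp_s, src_ip) ICMP packets.
    Assumed model: one token bucket per source, starting full.
    """
    buckets, listed = {}, {}
    for ts, src in packets:
        b = buckets.setdefault(src, Bucket(float(burst), ts))
        b.tokens = min(float(burst), b.tokens + (ts - b.last) * rate_per_s)
        b.last = ts
        if b.tokens >= 1.0:
            b.tokens -= 1.0  # rule 1 matches: packet accepted, rule 2 never sees it
        else:
            listed.setdefault(src, ts)  # rule 2: add-src-to-address-list
    return listed


def sample_traffic():
    """Constructed traffic: a normal pinger and a fast sender."""
    slow = [(float(i), "192.0.2.10") for i in range(100)]      # 1 ping per second
    fast = [(i / 100, "198.51.100.7") for i in range(100)]     # 1 ping per 10 ms
    return sorted(slow + fast)


if __name__ == "__main__":
    # Posted rule: dst-limit=10,2,src-address -> only the fast sender is listed.
    print(icmp_flooders(sample_traffic(), rate_per_s=10, burst=2))
    # Constructed lower limit (3 per minute, burst 1): ordinary ping is listed too.
    print(icmp_flooders(sample_traffic(), rate_per_s=3 / 60, burst=1))
```

Under this model a default 1-per-second ping never empties a 10-per-second bucket, which is why the list stayed empty in the test described above until the limit was lowered.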