Trying to limit all ICMP destined for the router to 10pps. When I have these rules in place, the limiting doesn't seem to be functioning properly: as I ping the router from a remote host at a consistent moderate rate of 1-2pps, within a few seconds it's added to the ICMP attack list. Did I get something wrong?
Code:
add chain=input comment="ICMP 10pps" limit=10,0 protocol=icmp
add action=add-src-to-address-list address-list=icmp-attack address-list-timeout=12h chain=input comment="Excess into ICMP attack list" protocol=icmp
add action=drop chain=input comment="Drop ICMP attack list" protocol=icmp src-address-list=icmp-attack