Community discussions

MikroTik App
  4. RouterOS
  5. General

Limiting ICMP on input chain

Post Reply
 
User avatar
scottvd
newbie
Topic Author
Posts: 31
Joined: Wed Oct 26, 2005 3:50 am
Location: Santa Cruz, CA

Limiting ICMP on input chain

Sat Jan 03, 2015 10:29 pm

RouterOS 6.24 on CCR1036

Trying to limit all ICMP destined for router to 10pp/s. When I have these rules in place the limiting doesn't seem to be functioning properly: as I ping the router from a remote host at a consistent moderate rate of 1-2pps, within a few seconds it's added into the ICMP attack list. Did I get something wrong?
Code: Select all
add chain=input comment="ICMP 10pps" limit=10,0 protocol=icmp
add action=add-src-to-address-list address-list=icmp-attack address-list-timeout=12h chain=input comment="Excess into ICMP attack list" protocol=icmp
add action=drop chain=input comment="Drop ICMP attack list" protocol=icmp src-address-list=icmp-attack
Top
 
dadaniel
Member Candidate
Member Candidate
Posts: 220
Joined: Fri May 14, 2010 11:51 pm

Re: Limiting ICMP on input chain

Wed Oct 10, 2018 3:53 pm

I have the same problem, any ideas anyone?
Top
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Limiting ICMP on input chain

Wed Oct 10, 2018 4:18 pm

Set burst to one (1), move last rule (drop) to top and it will work fine.
Top
 
R1CH
Forum Guru
Forum Guru
Posts: 1101
Joined: Sun Oct 01, 2006 11:44 pm

Re: Limiting ICMP on input chain

Wed Oct 10, 2018 6:19 pm

Reminder that ICMP source addresses can be spoofed, adding addresses to a blacklist without being able to verify the source address is a bad practice. It's better to just rate limit (which is built into the kernel - check IP / Settings).
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], patg, PLJ020, quezhou, vagrik, Valerio5000 and 231 guests
  4. RouterOS
  5. General