How to prevent a ping flood

Hello All:

I was sure that I posted this question before but can’t find it on the forum so am reposting it here.
I want to allow pings on say PPP1 but I don’t want to allow an infinite number of pings per unit time. Cisco allows this command for a particular interface:

rate-limit input access-group 102 8000 1500 2000 conform-action transmit exceed-action drop
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply

So you place that rate-limit command on an interface and it prevents too many ping replies per second. In this case:
Input, that is pings coming in,
access-group 102, ICMP echo replies and outgoing as well,
8000 bps, average rate per second,
1500 bps is the burst size,
2000 is burst max,
Transmit is the function,
Exceed-action is the condition,
Drop, what to do if the condition is exceeded.

In short, this limits the ping replies to ~10-15 per second maximum. If you ping flood this interface you’ll get a max of 15 back, no more.

Does Digi have something like this?

Cheers,
John

Hi

I have not seen any way to do this in the firewall on the current WR range; I would think there is the possibility in the LR54 with the iptables firewall.

And I agree, I have seen this question before.

regards

James

Hi James:

Yes, IPtables does support this:
iptables -A INPUT -p icmp -m limit --limit 2/second --limit-burst 2 -j ACCEPT

Would be really good if we could come up with something for the WR series as we’re using a cell phone package that limits IP destinations to only our server, but the server can also be seen from the Internet. I have enabled pings on the server end (WR44) so that I can bounce keep-alives off it for the ppp units in the field, as with the cell package I can’t use 8.8.8.8 since it’s blocked. As a precaution, I’d like to rate limit the ICMP replies to 20 per second or so.

Will see if anyone else can come up with something on this.

Cheers,
John
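An added example, not posted by John or James and not Digi firmware: a small shell helper that builds the iptables rules for the LR54-style case. It shows the one thing the single-line rule above does not do on its own: a `-m limit ... -j ACCEPT` rule only passes the packets inside the budget, and anything over the budget falls through to the rest of the INPUT chain, so a trailing DROP is needed for the cap to actually drop excess echo requests (and so the replies are never generated). The interface name and numbers are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes iptables with the
# "limit" and "icmp" match modules; "ppp1", 20/second and 20 are placeholders.

# Weak form from the thread: excess pings fall through to later rules or the
# chain policy, so this alone does not cap replies if INPUT otherwise accepts:
#   iptables -A INPUT -p icmp -m limit --limit 2/second --limit-burst 2 -j ACCEPT

# Print the rule set for: $1 = interface, $2 = sustained rate (e.g. 20/second),
# $3 = burst (token bucket size; --limit-burst tokens are spent first, then
# refilled at the sustained rate, so a flood gets burst + rate*seconds replies).
gen_icmp_limit_rules() {
    iface=$1; rate=$2; burst=$3
    cat <<EOF
iptables -N ICMP_LIMIT 2>/dev/null || iptables -F ICMP_LIMIT
iptables -A ICMP_LIMIT -m limit --limit ${rate} --limit-burst ${burst} -j ACCEPT
iptables -A ICMP_LIMIT -j DROP
iptables -I INPUT -i ${iface} -p icmp --icmp-type echo-request -j ICMP_LIMIT
EOF
}
# Only echo-request is sent to the limiter; ICMP errors such as
# fragmentation-needed are untouched, which matters on a PPP link with a small MTU.

# Apply the rules (needs root); dry run just prints them.
apply_icmp_limit_rules() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        gen_icmp_limit_rules "$@"
    else
        gen_icmp_limit_rules "$@" | sh
    fi
}

# Packet/byte counters on the DROP rule show how many echo requests were
# discarded, which is the quick way to confirm the cap is working under a flood.
show_icmp_limit_counters() {
    echo "iptables -L ICMP_LIMIT -v -n -x"
}
```

Run with `DRY_RUN=0 apply_icmp_limit_rules ppp1 20/second 20` as root to install the rules; the default prints them without touching the firewall.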