How to prevent a ping flood

0 votes
Hello All:

I was sure that I posted this question before but can't find it on the forum so am reposting it here.
I want to allow pings on say PPP1 but I don't want to allow an infinite number of pings per unit time. Cisco allows this command for a particular interface:

rate-limit input access-group 102 8000 1500 2000 conform-action transmit exceed-action drop
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply

So you place that rate-limit command on an interface and it prevents too many ping replies per second. In this case:
Input, that is pings coming in,
access-group 102, ICMP echo replies and outgoing as well,
8000 bps, average rate per second,
1500 bps is the burst size,
2000 is burst max,
Transmit is the function,
Exceed-action is the condition,
Drop, what to do if the condition is exceeded.

In short, this limits the ping replies to ~10-15 per second maximum. If you ping flood this interface you'll get a max of 15 back, no more.

Does Digi have something like this?

Cheers,
John
asked Apr 22, 2018 in Digi TransPort Cellular by jserink New to the Community (44 points)


2 Answers

0 votes
Hi

I have not seen any way to do this in the firewall on the current WR range. I would think there is the possibility in the LR54 with the iptables firewall.

And I agree, I have seen this question before.

Regards

James
answered Apr 23, 2018 by James.Wilson Veteran of the Digi Community (1,225 points)
0 votes
Hi James:

Yes, iptables does support this:
iptables -A INPUT -p icmp -m limit --limit 2/second --limit-burst 2 -j ACCEPT

Would be really good if we could come up with something for the WR series, as we're using a cell phone package that limits IP destinations to only our server, but the server can also be seen from the Internet. I have enabled pings on the server end (WR44) so that I can bounce keep-alives off it for the PPP units in the field, as with the cell package I can't use 8.8.8.8 since it's blocked. As a precaution, I'd like to rate limit the ICMP replies to 20 per second or so.

Will see if anyone else can come up with something on this.

Cheers,
John
answered Apr 23, 2018 by jserink New to the Community (44 points)