You can see that your default policy is ACCEPT, so your rule:

> iptables -A FORWARD -p icmp -m limit --limit 1/m -j ACCEPT

will accept the packets in the limit, and if it is out of the limit the packet is accepted by the default policy.

> Chain FORWARD (policy ACCEPT)

Instead you can do:

iptables -A FORWARD -p icmp -m limit --limit 1/m -j ACCEPT
iptables -A FORWARD -p icmp -j DROP

Note that ping is not the only icmp packet which exists, so you might find it useful to add "--icmp-type echo-request" to both lines.

Best of luck,
G.
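The fall-through described in this reply, as an added example that is not part of the original message: a small Python model of chain traversal (not iptables itself) comparing the limit rule alone with the limit rule followed by an explicit DROP. The class and function names are hypothetical, the burst of 5 is the iptables default for --limit-burst, and the one-packet-per-second traffic is constructed.

```python
from dataclasses import dataclass, field


@dataclass
class LimitMatch:
    """Token bucket modelled on '-m limit': 'burst' credits, refilled at 'rate' per second."""
    rate: float
    burst: int = 5  # iptables default for --limit-burst
    credits: float = field(init=False)
    last: float = field(default=0.0, init=False)

    def __post_init__(self):
        self.credits = float(self.burst)  # the bucket starts full

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.credits = min(self.burst, self.credits + (now - self.last) * self.rate)
        self.last = now
        if self.credits >= 1.0:
            self.credits -= 1.0
            return True
        return False


def traverse(rules, policy, proto, now):
    """Verdict for one packet: the first matching rule wins, otherwise the chain policy."""
    for rule_proto, limit, target in rules:
        if rule_proto != proto:
            continue
        if limit is not None and not limit.matches(now):
            continue  # over the limit: the rule does not match, the packet falls through
        return target
    return policy


def run(with_drop_rule, packets=20, interval=1.0):
    """Send constructed ICMP traffic through a FORWARD chain whose policy is ACCEPT."""
    rules = [("icmp", LimitMatch(rate=1 / 60), "ACCEPT")]  # --limit 1/m
    if with_drop_rule:
        rules.append(("icmp", None, "DROP"))  # catches whatever the limit rule let pass by
    verdicts = [traverse(rules, "ACCEPT", "icmp", i * interval) for i in range(packets)]
    return verdicts.count("ACCEPT"), verdicts.count("DROP")


if __name__ == "__main__":
    print("limit rule only        (accepted, dropped):", run(with_drop_rule=False))
    print("limit rule + DROP rule (accepted, dropped):", run(with_drop_rule=True))
```

With the DROP rule in place only the initial burst gets through in the first 20 seconds; without it every packet is accepted, either by the rule or by the policy.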