Bug 10489

Summary:	No rate limiting for REJECT targets
Product:	IPFire	Reporter:	Michael Tremer <michael.tremer>
Component:	---	Assignee:	Michael Tremer <michael.tremer>
Status:	CLOSED FIXED	QA Contact:
Severity:	- Unknown -
Priority:	- Unknown -	CC:	alexander.marx, stefan.schantl
Version:	2
Hardware:	unspecified
OS:	Unspecified
Bug Depends on:
Bug Blocks:	10486

Description Michael Tremer 2014-03-03 08:57:24 UTC

Like there is no rate limiting for LOG rules, there is also no rate limiting for REJECT targets.

This makes it easy to cause a DoS because of the (usually smaller) uplink can be saturated with ICMP error messages.

Comment 1 Michael Tremer 2014-03-04 14:16:46 UTC

http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=fa8229546b11ac356ff1df733a0b17eb045559ee