Treba tak:

Chain ping_flood :

Kód:
-A ping_flood -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A ping_flood -p icmp -m icmp --icmp-type 8 -m limit --limit 10/hour --limit-burst 3 -j LOG
-A ping_flood -p icmp -m icmp --icmp-type 8 -j DROP
A pak to hodis do Chain INPUT.

Sice to neresi zatez prichozi linky, ale uz si muzes nastavit naky to upozorneni => vis, ze se neco deje a muzes brnknout providerovi, at blokne tu IP. Zaroven neporusujes RFC, paac ping ti vlastne jede - nezahodis uplne fsechno.