From 4ee6df084ae528a1bb99cd8ac8ef4c828eb6a024 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 15 Aug 2018 12:47:39 +0200 Subject: [PATCH] added new entries (updated TOC) - signed-off-by: trimstray --- README.md | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5035ba6..4d596d5 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,10 @@ * [Drop Private Network Address On Public Interface](#drop-private-network-address-on-public-interface) * [Only Block Incoming Traffic](#only-block-incoming-traffic) * [Drop All Outgoing to Facebook Networks](#drop-all-outgoing-to-facebook-networks) - + * [Log and Drop Packets](#log-and-drop-packets) + * [Log and Drop Packets with Limited Number of Log Entries](#log-and-drop-packets-with-limited-number-of-log-entries) + * [Drop or Accept Traffic From Mac Address](#drop-or-accept-traffic-from-mac-address) + * [Block or Allow ICMP Ping Request](#block-or-allow-icmp-ping-request) **** 
@@ -391,3 +394,38 @@ for i in $(whois -h whois.radb.net -- '-i origin AS32934' | grep "^route:" | cut done ``` + +#### Log and Drop Packets + +```bash +ptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: " +iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP +``` + +By default everything is logged to `/var/log/messages` file: + +```bash +tail -f /var/log/messages +grep --color 'IP SPOOF' /var/log/messages +``` + +#### Log and Drop Packets with Limited Number of Log Entries + +```bash +iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: " +iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP +``` + +#### Drop or Accept Traffic From Mac Address + +```bash +iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP +iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT +``` + +#### Block or Allow ICMP Ping Request + +```bash +iptables -A INPUT -p icmp --icmp-type echo-request -j DROP +iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP +```
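Review bot: the first added command under "Log and Drop Packets" is spelled `ptables -A INPUT -i eth1 ...` and will fail with "command not found", so the LOG rule is never installed while the DROP rule on the next line is; it should read `iptables`. In the same section, `grep --color 'IP SPOOF' /var/log/messages` searches for a space where the configured prefix is `"IP_SPOOF A: "` with an underscore, so the grep as written matches nothing; use `grep --color 'IP_SPOOF' /var/log/messages`. The sentence "By default everything is logged to `/var/log/messages`" also depends on the syslog configuration, since the LOG target writes to the kernel log and some distributions route that elsewhere, so it is worth wording it as the usual location rather than a fixed one. Under "Block or Allow ICMP Ping Request" both rules are `-j DROP`, so the "Allow" half of the heading has no example, and the second rule (`-i eth1`) can never match after the first one, which already drops echo-request on every interface; either present the two as alternatives or replace one with the `-j ACCEPT` form. The same applies to the MAC address section in reverse: the ACCEPT rule for port 22 only has an effect if the chain policy or a later rule drops other traffic, which deserves a one-line note.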