List: netfilter
Subject: Documentation on limit module
From: Jerome de Vivie <j.de.vivie () free ! fr>
Date: 2000-03-28 20:25:55
Hi rusty and others,
After a long time out of the internet, I've reconnected to
netfilter.kernelnotes.org, and I've read the packet-filtering-HOWTO. I'm
surprised to see that "rate" has been renamed to "limit", and the HOWTO
doesn't reflect the usage of this module:
----------
limit
This module must be explicitly specified with `-m limit' or `--match
limit'. It is used to restrict the rate of matches, such as for
suppressing log messages. It will only match a given number of times per
second (by default 3 matches per hour, with a burst of 5).
----------
The primary goal of this module is to avoid DoS attacks. Suppressing log
messages is not the goal of a firewall!
This module should work with a default value like 5 pkt/second added to a
good filtering match like --syn or anything else...
j.
PS: RV, are u here?
--
Jerome de Vivie j.de.vivie@free.fr
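
Added example (not part of the original message and not netfilter's code): a simplified token-bucket model of the limit match described in the quoted HOWTO text, run over constructed packet timestamps for the 5/second case suggested in the message and for the 3/hour, burst 5 default. The function names and the sample traffic are assumptions made for illustration.

```python
from fractions import Fraction


def limit_match(timestamps, rate_per_sec, burst):
    """Simplified model of `-m limit`: one verdict per packet, True = rule matches."""
    rate, cap = Fraction(rate_per_sec), Fraction(burst)
    tokens, last, verdicts = cap, None, []  # the bucket starts full (burst credits)
    for t in map(Fraction, timestamps):
        if last is not None:
            # Credit refills with elapsed time and never exceeds the burst size.
            tokens = min(cap, tokens + (t - last) * rate)
        last = t
        fired = tokens >= 1
        if fired:
            tokens -= 1  # each match costs one credit
        verdicts.append(fired)
    return verdicts


def matched(verdicts):
    """Indices of the packets for which the match fired."""
    return [i for i, v in enumerate(verdicts) if v]


def syn_flood_case():
    # Constructed input: 100 SYNs in one second, 10 ms apart.
    # Models a rule using --syn with a limit of 5/second and a burst of 5.
    times = [Fraction(i, 100) for i in range(100)]
    return matched(limit_match(times, 5, 5))


def default_log_case():
    # Constructed input: one loggable event per minute for two hours.
    # Models the HOWTO default: 3 matches per hour with a burst of 5.
    times = [60 * i for i in range(120)]
    return matched(limit_match(times, Fraction(3, 3600), 5))


if __name__ == "__main__":
    flood = syn_flood_case()
    print("SYN flood: %d of 100 packets matched, indices %s" % (len(flood), flood))
    logs = default_log_case()
    print("Default limit: %d of 120 events matched, indices %s" % (len(logs), logs))
```

The limit match only decides whether its rule fires; packets over the limit fall through to the following rules, so the rate is enforced only when a later rule or the chain policy drops them.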