
List:       netfilter
Subject:    Documentation on limit module
From:       Jerome de Vivie <j.de.vivie () free ! fr>
Date:       2000-03-28 20:25:55


Hi rusty and others,

After a long time away from the internet, I've reconnected to
netfilter.kernelnotes.org, and I've read the packet-filtering-HOWTO. I'm
surprised to see that "rate" has been renamed to "limit", and the HOWTO
doesn't reflect the usage of this module:

----------
limit

      This module must be explicitly specified with `-m limit' or
`--match limit'. It is used to restrict the rate of matches, such as for
suppressing log messages. It will only match a given number of times per
second (by default 3 matches per hour, with a burst of 5).

----------

The primary goal of this module is to avoid DoS attacks. Suppressing log
messages is not the goal of a firewall!

This module should work with a default value like 5 pkt/second added to a
good filtering match like --syn or anything else...


j.    

PS: RV, are u here ?

--
Jerome de Vivie 	j.de.vivie@free.fr
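
The documented default (3 matches per hour, burst of 5) and the 5 packets/second setting suggested in the message, compared in a simplified token-bucket model. This is an added example, not part of the original message and not netfilter's code; the `LimitMatch` class, the helper names and the packet timings are constructed for illustration.

```python
"""Simplified token-bucket model of the limit match (illustration only)."""
from fractions import Fraction

UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(spec):
    """Turn a rate such as '3/hour' or '5/second' into matches per second."""
    count, _, unit = spec.partition("/")
    return Fraction(int(count), UNITS[unit])


class LimitMatch:
    """Hypothetical model: the bucket starts full and refills at `rate`."""

    def __init__(self, rate="3/hour", burst=5):
        self.rate = parse_rate(rate)
        self.burst = Fraction(burst)
        self.credit = Fraction(burst)  # a full burst is available at start
        self.last = Fraction(0)

    def matches(self, now):
        """Return True if a packet arriving at time `now` (seconds) matches."""
        now = Fraction(now)
        # Credit regained since the previous packet, capped at the burst size.
        self.credit = min(self.burst, self.credit + (now - self.last) * self.rate)
        self.last = now
        if self.credit >= 1:
            self.credit -= 1
            return True
        return False  # over the limit: the rule does not match this packet


def count_matches(limit, arrival_times):
    """Number of packets the rule matches for the given arrival times."""
    return sum(limit.matches(t) for t in arrival_times)


# Constructed traffic: 1000 packets/second for 2 seconds (flood-like), and
# one packet per minute for 2 hours (slow, steady traffic).
FLOOD = [Fraction(i, 1000) for i in range(2000)]
SLOW = list(range(0, 7201, 60))

if __name__ == "__main__":
    print("5/second burst 5, flood:", count_matches(LimitMatch("5/second"), FLOOD))
    print("3/hour   burst 5, flood:", count_matches(LimitMatch("3/hour"), FLOOD))
    print("3/hour   burst 5, slow :", count_matches(LimitMatch("3/hour"), SLOW))
```

In this model a rule with the default rate matches only the initial burst of a flood, while a 5/second rule lets through the burst plus five packets per second; everything above that falls through to the next rule in the chain.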
