On Thu, Jan 06, 2011 at 05:28:43PM +0100, Marco Padovan wrote:
> The single bucket is problematic due to how we manage the gameservers, will
> update the status this evening :p

So I came across this in the iptables man page...

----
hashlimit

This patch adds a new match called 'hashlimit'. The idea is to have something 
like 'limit', but either per destination-ip or per (destip,destport) tuple.

It gives you the ability to express
    '1000 packets per second for every host in 192.168.0.0/16'

    '100 packets per second for every service of 192.168.1.1' 
with a single iptables rule.
----

So you can use hashlimit for a 20 pps for each port solution, 
still with just a single rule.

iptables -A INPUT -m hashlimit --hashlimit 20/s --hashlimit-mode dstip,dstport \
         --hashlimit-name gameservers -j ACCEPT

(might also need --hashlimit-htable-size/max/, not sure...)

Regards
frostschutz
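To make the suggestion above concrete, here is an added example (mine, not from the list post or the iptables project) that generates the per-(destination ip, destination port) hashlimit rule pair as a small shell script. Everything in it is assumed for illustration: that the game traffic is UDP on ports 27015-27020, the chain name GAMELIMIT, the hash table sizes, and the counter name "gameservers". It prints the commands rather than running them, so it can be reviewed before being piped into a root shell.

```shell
#!/bin/sh
# Added example, not code from the mailing-list post. Builds the
# hashlimit rules described in the message: one match keyed on the
# (dstip,dstport) tuple covering every game port, plus the drop rule
# that actually enforces the limit once a bucket is exhausted.
# Assumptions (made up for the example): UDP game ports 27015-27020,
# the chain name GAMELIMIT, and the htable sizes below.

# hashlimit_rules PPS BURST FIRST_PORT LAST_PORT
# Prints the iptables commands; nothing is executed here.
hashlimit_rules() {
    pps=$1; burst=$2; first=$3; last=$4
    printf 'iptables -N GAMELIMIT\n'
    # --hashlimit-name is mandatory (it names the /proc/net/ipt_hashlimit
    # entry) and must be at most 15 characters. The mode values are
    # comma-separated: dstip,dstport gives one bucket per (ip, port) pair.
    # --hashlimit-upto is the current spelling of the old --hashlimit flag.
    printf 'iptables -A GAMELIMIT -m hashlimit --hashlimit-upto %s/second --hashlimit-burst %s --hashlimit-mode dstip,dstport --hashlimit-name gameservers --hashlimit-htable-size 4096 --hashlimit-htable-max 8192 -j ACCEPT\n' "$pps" "$burst"
    # Whatever exceeds the per-bucket rate falls through to DROP.
    printf 'iptables -A GAMELIMIT -j DROP\n'
    # A single jump covers the whole port range; hashlimit keys on the
    # destination port itself, so each port still gets its own bucket.
    printf 'iptables -A INPUT -p udp --dport %s:%s -j GAMELIMIT\n' "$first" "$last"
}

# rule_count PPS BURST FIRST_PORT LAST_PORT: number of commands generated.
rule_count() { hashlimit_rules "$@" | wc -l | tr -d ' '; }

# Preview. To apply on a box where you are root:
#   hashlimit_rules 20 5 27015 27020 | sh
hashlimit_rules 20 5 27015 27020
```

The htable-size and htable-max values decide how many (ip, port) buckets the kernel will track before it starts refusing new entries; if the server list grows past the max, new destinations are no longer matched by the rule (and so hit the DROP), which is the failure mode to watch for when sizing them.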

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
