Nice! Will give it a try if it's already part of the kernel I use :)
Thank you

On 06/Jan/2011 18.43, "frostschutz" <frostsch...@metamorpher.de> wrote:
> On Thu, Jan 06, 2011 at 05:28:43PM +0100, Marco Padovan wrote:
>> The single bucket is problematic due to how we manage the gameservers, will
>> update the status this evening :p
>
> So I came across this in the iptables man page...
>
> ----
> hashlimit
>
> This patch adds a new match called 'hashlimit'. The idea is to have something like 'limit', but either per destination-ip or per (destip,destport) tuple.
>
> It gives you the ability to express
> '1000 packets per second for every host in 192.168.0.0/16'
>
> '100 packets per second for every service of 192.168.1.1'
> with a single iptables rule.
> ----
>
> So you can use hashlimit for a 20 pps for each port solution,
> still with just a single rule.
>
> iptables -m hashlimit --hashlimit 20/s --hashlimit-mode destip-destport
>
> (might also need --hashlimit-htable-size/max/, not sure...)
>
> Regards
> frostschutz
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
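The difference between the single shared bucket and the per-(destip,destport) buckets discussed in this thread, as an added example that is not part of the original messages: a simplified token-bucket model in Python, not the kernel's implementation. The address, ports, traffic pattern and burst of 5 are constructed assumptions.

```python
from collections import defaultdict

COST = 1000  # credits one packet costs; a bucket gains `rate` credits per millisecond

class Bucket:
    """Integer token bucket: `rate` packets/s sustained, `burst` packets up front."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * COST
        self.credit, self.last_ms = self.cap, 0

    def allow(self, now_ms):
        # Refill for the elapsed time, capped at the burst size, then try to spend.
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.credit >= COST:
            self.credit -= COST
            return True
        return False

def simulate(packets, rate, burst, per_tuple):
    """Return accepted packet counts keyed by (dst_ip, dst_port).

    per_tuple=False: every packet shares one bucket (the 'limit' behaviour).
    per_tuple=True:  one bucket per (dst_ip, dst_port) (the 'hashlimit' idea).
    """
    buckets = defaultdict(lambda: Bucket(rate, burst))
    accepted = defaultdict(int)
    for ts_ms, ip, port in sorted(packets):
        key = (ip, port) if per_tuple else "shared"
        if buckets[key].allow(ts_ms):
            accepted[(ip, port)] += 1
    return dict(accepted)

def constructed_traffic():
    """One second of constructed traffic to a host running two game servers."""
    ip = "192.0.2.10"  # documentation-range address, assumed
    flood = [(ms, ip, 27015) for ms in range(1000)]             # 1000 pps at one port
    normal = [(25 + 100 * i, ip, 27016) for i in range(10)]     # 10 pps at the other
    return flood + normal

if __name__ == "__main__":
    for per_tuple in (False, True):
        label = "per (destip,destport)" if per_tuple else "single bucket"
        print(label, simulate(constructed_traffic(), rate=20, burst=5, per_tuple=per_tuple))
```

With the shared bucket the flooded port consumes every token and the quiet port's traffic is dropped entirely; with per-tuple buckets the flood is still capped while the quiet port keeps all of its packets.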