On Wed, 2002-11-06 at 08:32, Daniel Hartmeier wrote:
> If I understand it correctly, netfilter's --limit is used to limit the
> number of concurrent connections per source (or destination) address.
Yup, per the iptables manpage (sorry jolan, here it comes again):
   limit
       This module matches at a limited rate using a token bucket filter.
       A rule using this extension will match until this limit is reached
       (unless the '!' flag is used). It can be used in combination with
       the LOG target to give limited logging, for example.

       --limit rate
              Maximum average matching rate: specified as a number, with an
              optional '/second', '/minute', '/hour', or '/day' suffix; the
              default is 3/hour.

       --limit-burst number
              Maximum initial number of packets to match: this number gets
              recharged by one every time the limit specified above is not
              reached, up to this number; the default is 5.
-J.
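To make the token-bucket behaviour quoted above concrete, here is an added Python model (not from this thread and not netfilter's own code) of how a rule with `--limit 3/hour --limit-burst 5` would match a burst of packets. The fractional per-token recharge is an idealisation of netfilter's integer credit arithmetic, and the packet timestamps are constructed for the demonstration.

```python
"""Simulate the token-bucket semantics of the iptables 'limit' match.

Each matching packet consumes one token, the bucket holds at most
`burst` tokens, and one token is recharged every 1/rate seconds.
"""

UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(spec):
    """Return the seconds needed to earn one token for a spec like '3/hour'.

    A bare number is treated as per second (assumption, as iptables does).
    """
    number, _, unit = spec.partition("/")
    return UNIT_SECONDS[unit or "second"] / float(number)


class LimitMatch:
    """One rule using `-m limit --limit RATE --limit-burst N`, optionally negated."""

    def __init__(self, rate="3/hour", burst=5, invert=False):
        self.interval = parse_rate(rate)   # seconds per recharged token
        self.burst = burst
        self.invert = invert               # the '!' flag from the manpage
        self.tokens = float(burst)         # bucket starts full
        self.last = None

    def matches(self, now):
        """Return True if a packet arriving at time `now` (seconds) matches."""
        if self.last is not None:
            # Recharge one token per interval elapsed, capped at the burst size.
            self.tokens = min(self.burst, self.tokens + (now - self.last) / self.interval)
        self.last = now
        within_limit = self.tokens >= 1.0
        if within_limit:
            self.tokens -= 1.0
        return within_limit != self.invert


def simulate(times, rate="3/hour", burst=5, invert=False):
    """Return the per-packet match results for packets arriving at `times`."""
    rule = LimitMatch(rate, burst, invert)
    return [rule.matches(t) for t in times]


if __name__ == "__main__":
    # Constructed arrivals: 8 packets at once, then one 20 minutes later.
    arrivals = [0, 0, 0, 0, 0, 0, 0, 0, 1200]
    for t, hit in zip(arrivals, simulate(arrivals)):
        print(f"t={t:5d}s  {'matches (would be logged)' if hit else 'no match'}")
```

With the defaults, the first five packets of the burst match, the next three do not, and the packet arriving 1200 s later matches because exactly one token has been recharged.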