On Wed, 2002-11-06 at 08:32, Daniel Hartmeier wrote:

> If I understand it correctly, netfilter's --limit is used to limit the
> number of concurrent connections per source (or destination) address.

Yup, per the iptables manpage (sorry jolan, here it comes again):

   limit
       This module matches at a limited rate using a token bucket filter.
       A rule using this extension will match until this limit is reached
       (unless the '!' flag is used).  It can be used in combination with
       the LOG target to give limited logging, for example.

       --limit rate
              Maximum average matching rate: specified as a number, with an
              optional '/second', '/minute', '/hour', or '/day' suffix; the
              default is 3/hour.

       --limit-burst number
              Maximum initial number of packets to match: this number gets
              recharged by one every time the limit specified above is not
              reached, up to this number; the default is 5.

-J.
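To make the manpage's token-bucket wording concrete, the following is an added Python model of the `limit` match run over a constructed packet trace; it is not from this thread or from netfilter's own code, and it simplifies the kernel implementation to a bucket that starts full, refills continuously at `--limit` and is capped at `--limit-burst`.

```python
from fractions import Fraction

# Seconds per unit for the four suffixes the manpage lists.
_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(spec):
    """Turn a --limit rate such as '3/hour' into matches per second."""
    count, sep, unit = spec.partition("/")
    if not sep or unit not in _UNITS:
        raise ValueError("rate must be N/second, N/minute, N/hour or N/day")
    return Fraction(int(count), _UNITS[unit])


def limit_match(packet_times, rate, burst):
    """Simplified token-bucket model of 'iptables -m limit'.

    packet_times: non-decreasing arrival times in seconds (ints/Fractions).
    rate:  the --limit spec, e.g. '3/hour'.
    burst: the --limit-burst value.
    Returns one bool per packet: True where the rule would match it.

    The bucket holds 'burst' tokens at start, gains tokens at 'rate' as
    time passes (never above 'burst'), and a packet matches only when a
    whole token is available, consuming it.  Nothing here tracks
    connections: it is a rate limit on matches, not a concurrency cap.
    """
    per_sec = parse_rate(rate)
    cap = Fraction(burst)
    tokens = cap
    prev = None
    matched = []
    for t in packet_times:
        t = Fraction(t)
        if prev is not None:
            tokens = min(cap, tokens + (t - prev) * per_sec)
        prev = t
        if tokens >= 1:
            tokens -= 1
            matched.append(True)
        else:
            matched.append(False)
    return matched


def demo():
    """Manpage defaults (3/hour, burst 5) against a constructed trace:
    seven packets at once, then single packets at 1200 s, 1201 s, 2400 s
    and 3600 s.  Only the burst and one packet per 20 minutes match."""
    times = [0, 0, 0, 0, 0, 0, 0, 1200, 1201, 2400, 3600]
    return limit_match(times, "3/hour", 5)
```

Running `demo()` shows the burst of five matching, the next two dropped, and afterwards exactly one match per 1200 s, which is what "3/hour" buys once the burst is spent.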

