On Thu, Jan 06, 2011 at 04:16:23PM +0100, Marco Padovan wrote:
> as suspected, that appears to keep a single bucket, allowing 20/sec on 
> the whole server... not on every single port :(

Yes, it's a single bucket. Does it really have to be per server? 
I'd just use a sane value for limit and a large burst here (1000), 
so short spikes will work but continuous DoS won't.

After all, even if just one gameserver gets DoSed, in the end 
it's the whole server that has to cope with the network and CPU. 
And as long as there is no DoS it will work normally, even 
with just one bucket.

Of course you could still add a separate bucket for each port 
in the querylimit chain (no need for a drop rule for each port, 
just put a single drop rule at the end). But if you do that 
you'll likely run into performance problems again.

So I think a single bucket is preferable.

Also consider combining this with fail2ban or similar, 
so you can block IPs that are spamming you completely. 
This will ease load both on your server, and the bucket.

Regards
frostschutz
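The two chain layouts discussed above, written out as an added example (these are not frostschutz's or Marco's own rules). It assumes the game queries arrive over UDP, that the chain is called querylimit as in the thread, and that the ports, the 20/sec rate and the 1000-packet burst are constructed sample values. The functions only emit the iptables commands unless APPLY=1 is set, so the layouts can be compared without root or a live firewall.

```shell
#!/bin/sh
# Added example: generate the rules for the two querylimit layouts from the
# thread. Assumed: queries are UDP, chain name "querylimit", and RATE/BURST
# and the port numbers are constructed sample values. With APPLY=1 the
# commands are executed (needs root and a real iptables); otherwise they
# are printed so the two layouts can be compared side by side.

RATE="${RATE:-20/sec}"
BURST="${BURST:-1000}"

emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Layout A (what the reply recommends): one token bucket shared by every
# port. The large burst lets a short spike of queries through, while a
# sustained flood against any single port can only drain the shared bucket
# at RATE; the one DROP at the end catches everything above that.
single_bucket_rules() {
    emit iptables -N querylimit
    emit iptables -A querylimit -m limit --limit "$RATE" --limit-burst "$BURST" -j ACCEPT
    emit iptables -A querylimit -j DROP
}

# Layout B (the alternative the reply mentions, with its performance caveat):
# one bucket per port, matched in turn, and still a single DROP at the end
# rather than one per port. Each extra port adds a rule to walk per packet.
per_port_rules() {
    emit iptables -N querylimit
    for port in "$@"; do
        emit iptables -A querylimit -p udp --dport "$port" \
            -m limit --limit "$RATE" --limit-burst "$BURST" -j ACCEPT
    done
    emit iptables -A querylimit -j DROP
}

# Entry rule used by both layouts: send UDP traffic for the game ports into
# the querylimit chain from INPUT.
jump_rules() {
    for port in "$@"; do
        emit iptables -A INPUT -p udp --dport "$port" -j querylimit
    done
}

# Dry-run usage (prints both layouts for two constructed ports):
#   single_bucket_rules; jump_rules 27015 27016
#   per_port_rules 27015 27016; jump_rules 27015 27016
```

Whichever layout is chosen, pairing it with fail2ban (as the reply suggests) keeps the worst offenders out of the chain entirely, so the bucket is only spent on hosts that have not yet been banned.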

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
