On Thu, 2006-12-10 at 14:58 -0700, Caitlin Bestler wrote: > That would seem to limit the usefullness to scenarios where a given > remote IP address *might* be accepted based on total traffic load, > number of other connections from the same IP address, etc. If > *all* requests from that IP address are going to be rejected, why > not use netfilter?
Netfilter or ingress tc may both work; I have a feeling that the poster needs to consult some policy+state in the application first which is more complex than what rate control or number of connections provide (DOS detection?)- in which case, theyd have to write a netfilter target. cheers, jamal - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html