Karsten Bräckelmann wrote:
> On Tue, 2009-04-07 at 09:12 -0700, Tom Eastep wrote:
>> 7) Thanks to I. Buijs, it is now possible to rate-limit connections by
>> source IP or destination IP. The LIMIT:BURST column in
>> /etc/shorewall/policy (/etc/shorewall6/policy) and the RATE LIMIT
>> column /etc/shorewall/rules (/etc/shorewall6/rules) have been
>> extended as follows:
>>
>> [{s|d}:[[<name>]:]]<rate>/{sec|min}[:<burst>]
>>
>> When s: is specified, the rate is per source IP address.
>
>> ACCEPT net fw tcp 22 - - s:ssh:3/min
>>
>> This will limit SSH connections from net->fw to 3 per minute.
>
> Sweet! So this effectively supersedes the Limit [1] action?
>
> I assume it also uses the recent match -- does it actually generate the
> same iptables rules?

It uses hashlimit.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
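An added example, not part of the thread and not Shorewall's own code: a Python parser for the extended column syntax quoted above, which also renders the per-IP form as hashlimit match options. The accepted `<name>` characters, the `example-table` fallback name and the mapping of unprefixed values to the `limit` match are assumptions; the rules Shorewall actually generates may differ.

```python
import re

# Grammar quoted in the announcement: [{s|d}:[[<name>]:]]<rate>/{sec|min}[:<burst>]
# Assumption: <name> is limited to letters, digits, "_" and "-".
RATE_RE = re.compile(
    r"^(?:(?P<mode>[sd]):(?:(?P<name>[A-Za-z0-9_-]*):)?)?"
    r"(?P<rate>[0-9]+)/(?P<unit>sec|min)"
    r"(?::(?P<burst>[0-9]+))?$"
)

DEFAULT_NAME = "example-table"  # hypothetical placeholder, not Shorewall's default


def parse_rate_limit(column):
    """Parse a RATE LIMIT / LIMIT:BURST value into a dict, or raise ValueError."""
    m = RATE_RE.match(column)
    if m is None:
        raise ValueError("not a valid rate limit: %r" % column)
    rate = int(m.group("rate"))
    if rate == 0:
        raise ValueError("rate must be greater than zero")
    burst = m.group("burst")
    return {
        "per": {"s": "srcip", "d": "dstip", None: None}[m.group("mode")],
        "name": m.group("name") or None,
        "rate": rate,
        "unit": m.group("unit"),
        "burst": int(burst) if burst is not None else None,
    }


def to_match_options(column):
    """Render the parsed value as iptables match options (illustrative mapping)."""
    p = parse_rate_limit(column)
    spec = "%d/%s" % (p["rate"], p["unit"])
    if p["per"] is None:
        # No s:/d: prefix: one shared bucket, shown here with the limit match.
        opts = ["-m", "limit", "--limit", spec]
        burst_flag = "--limit-burst"
    else:
        # Per-address buckets: hashlimit keyed on source or destination IP.
        opts = ["-m", "hashlimit", "--hashlimit-upto", spec,
                "--hashlimit-mode", p["per"],
                "--hashlimit-name", p["name"] or DEFAULT_NAME]
        burst_flag = "--hashlimit-burst"
    if p["burst"] is not None:
        opts += [burst_flag, str(p["burst"])]
    return opts
```

Rejecting malformed values before they reach a rules file matters here because a typo in the prefix or unit would otherwise leave the SSH rule without the intended limit.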
