Swapnil Jain wrote:
> Thanks Tom,
>
> so
>
> REDIRECT loc 8080 tcp www - !192.168.100.2
> s:PROXY:10/sec:15
>
> would work as well.

It occurs to me that the Shorewall compiler's handling of the above rule is wrong in all Shorewall-perl versions that support it. The generated '-m hashlimit' match is being applied twice to each rule; once in the NAT table and once in the filter table. I'll release a fix for that shortly. But in the meantime, I would recommend using two rules: REDIRECT- (with no RATE LIMIT) and an ACCEPT rule that includes the RATE LIMIT.

>
> and what should be an ideal number of connection allowed per pc, is 10/sec ok
> or too less.
>

I have no idea. I've never tried to limit HTTP connections per-IP but 10/sec seems high, given that you have a generous burst value (15).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
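
The two-rule workaround recommended in the reply above, as an added example that is not part of the original message or of Shorewall itself: a small Python check that finds REDIRECT rules carrying a RATE LIMIT and prints the REDIRECT- plus ACCEPT pair. The column layout, the `$FW` zone name and the exact form of the generated ACCEPT rule are assumptions; validate the result with `shorewall check` before using it.

```python
# Added example: rewrite "REDIRECT ... <rate limit>" as REDIRECT- plus ACCEPT.
# Assumed column order: ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
RATE_COL = 7  # zero-based index of the RATE LIMIT column (assumption)


def split_redirect(line, fw_zone="$FW"):
    """Return [redirect_rule, accept_rule], or None if the line needs no change."""
    cols = line.split("#", 1)[0].split()          # drop trailing comments
    if len(cols) <= RATE_COL or cols[0] != "REDIRECT":
        return None                               # not a rate-limited REDIRECT
    if len(cols) > RATE_COL + 1:
        # Columns after RATE LIMIT change what each rule matches.
        raise ValueError("extra columns after RATE LIMIT; review by hand")
    rate = cols[RATE_COL]
    if rate == "-":
        return None                               # column present but empty
    _, source, port, proto, dport, sport, origdest = cols[:RATE_COL]
    # NAT-only rule with no rate limit, so no hashlimit match in the NAT table.
    redirect = ["REDIRECT-", source, port, proto, dport, sport, origdest]
    # Filter rule: after redirection the connection targets the proxy port on
    # the firewall; the rate limit is matched here, once per connection.
    accept = ["ACCEPT", source, fw_zone, proto, port, sport, origdest, rate]
    return [" ".join(redirect), " ".join(accept)]


def lint(rules_text):
    """Yield (line_number, original, replacement_rules) for each finding."""
    for number, line in enumerate(rules_text.splitlines(), start=1):
        replacement = split_redirect(line)
        if replacement:
            yield number, line.strip(), replacement


# Constructed sample rules file; the first rule is the one quoted in the thread.
SAMPLE = """\
REDIRECT loc 8080 tcp www - !192.168.100.2 s:PROXY:10/sec:15
REDIRECT loc 3128 tcp 8000 - !192.168.100.2
ACCEPT   loc $FW  tcp 22
"""

if __name__ == "__main__":
    for number, original, replacement in lint(SAMPLE):
        print(f"line {number}: {original}")
        for rule in replacement:
            print(f"    -> {rule}")
```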
