I think applying the rate limit to the ACCEPT rule didn't work; applying it to the REDIRECT rule works. I am using 4.4.4.1.
I am still confused about the burst value?

Thanks!

------------------------------------------------------------
Swapnil Jain ( http://swapnil-indore.blogspot.com/ )
Networking & Security Consultant ( http://www.pisces.net.in )
Indore, India
------------------------------------------------------------
E-mail: [email protected]
GTalk : [email protected]
MSN: [email protected]
Skype : sj1410
YIM : sj1410
------------------------------------------------------------

On 13-Feb-2010, at 8:40 PM, Tom Eastep wrote:

> Swapnil Jain wrote:
>> Thanks Tom,
>>
>> so
>>
>> REDIRECT loc 8080 tcp www - !192.168.100.2
>> s:PROXY:10/sec:15
>>
>> would work as well.
>
> It occurs to me that the Shorewall compiler's handling of the above rule
> is wrong in all Shorewall-perl versions that support it. The generated
> '-m hashlimit' match is being applied twice to each rule; once in the
> NAT table and once in the filter table. I'll release a fix for that
> shortly. But in the mean time, I would recommend using two rules:
> REDIRECT- (with no RATE LIMIT) and an ACCEPT rule that includes the RATE
> LIMIT.
>
>>
>> and what should be an ideal number of connection allowed per pc, is 10/sec
>> ok or too less.
>>
>
> I have no idea. I've never tried to limit HTTP connections per-IP but
> 10/sec seems high, given that you have a generous burst value (15).
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
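On the burst question raised in this message, the following is an added example, not part of the original thread and not Shorewall's own code: a simplified token-bucket model of the `s:PROXY:10/sec:15` limit quoted above. It assumes the usual token-bucket reading of rate and burst; the function names and the sample arrivals are constructed for illustration.

```python
import re
from collections import defaultdict

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600, "day": 86400}
SPEC_RE = re.compile(r"(?:([sd]):(?:(\w+):)?)?(\d+)/(sec|min|hour|day)(?::(\d+))?")

def parse_rate_limit(spec):
    """Split a RATE LIMIT value such as 's:PROXY:10/sec:15' into its parts."""
    m = SPEC_RE.fullmatch(spec)
    if not m:
        raise ValueError(f"unrecognised rate limit: {spec!r}")
    mode, table, rate, unit, burst = m.groups()
    return {
        "per": {"s": "source", "d": "destination", None: "rule"}[mode],
        "table": table,                      # hash table name, PROXY in the thread
        "rate_per_sec": int(rate) / UNIT_SECONDS[unit],
        "burst": int(burst) if burst else 5,  # 5 is the iptables default burst
    }

def simulate(spec, arrivals):
    """Model the limit as a token bucket and count accepted connections per IP.

    arrivals: list of (time_in_seconds, source_ip), sorted by time.
    Each bucket starts full (burst tokens), refills at the configured rate,
    never holds more than burst, and one new connection costs one token.
    """
    lim = parse_rate_limit(spec)
    if lim["per"] == "destination":
        raise ValueError("this model only tracks source addresses")
    tokens = defaultdict(lambda: float(lim["burst"]))
    last_seen = {}
    accepted = defaultdict(int)
    for t, ip in arrivals:
        key = ip if lim["per"] == "source" else "*"   # 's:' means one bucket per source IP
        refill = (t - last_seen.get(key, t)) * lim["rate_per_sec"]
        tokens[key] = min(lim["burst"], tokens[key] + refill)
        last_seen[key] = t
        if tokens[key] >= 1:
            tokens[key] -= 1
            accepted[ip] += 1
    return dict(accepted)

# Constructed sample: one client opens 40 connections at once, a second
# client opens 5, then the first client tries another 40 one second later.
SAMPLE = ([(0.0, "192.168.100.10")] * 40 + [(0.0, "192.168.100.11")] * 5
          + [(1.0, "192.168.100.10")] * 40)

if __name__ == "__main__":
    print(simulate("s:PROXY:10/sec:15", SAMPLE))
```

In this model the first client gets 15 connections through immediately (the burst) and 10 more after one second (the rate), while the second client is unaffected because `s:` keeps a separate bucket per source address.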
