Uuh... I understand that you're a man of few words ;) But since you're
saying yes to two opposite explanations I still don't know what explanation
is the correct one?

1. It says "without a connection arriving", but I assume that even if a
connection arrives during the interval (which then gets passed along to the
other rules and is not matched to the rule in question because the burst
count is 0), then after the interval period the burst count is incremented?

2. Or does the burst count only get incremented when no new connections are
even attempted for at least the duration of the interval period? So that
means the interval will reset and start ticking again every time a
connection arrives (even if that connection is not allowed to pass through
the rule) until it ticks away to the complete interval time?

So is explanation 1 true and/or is explanation 2 true? I assume only one of
them can be true at the same time...

Sander


-----Original Message-----
From: Tom Eastep [mailto:teas...@shorewall.net] 
Sent: donderdag 15 april 2010 23:24
To: Shorewall Users
Subject: Re: [Shorewall-users] Using the limit action on a DNAT rule to
prevent DoS attacks on a specific port

S. J. van Harmelen wrote:

> It says "without a connection arriving", but I assume that even if a 
> connection arrives during the interval (which gets passed along to the
> other rules and is not matched to the rule in question because the
> burst count is 0), then after the interval period the burst count is
> incremented? Or does the burst count only get incremented when no
> new connection arrives at the rule for at least the duration of the
> interval period?

Yes.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
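
Added example, not part of the thread or of Shorewall's code: the two explanations from the question, modelled side by side in Python over a constructed arrival trace. The function names, the 20-second interval and the burst of 3 are assumptions for illustration; the first model follows the token-bucket accounting of the netfilter `limit` match, where credit accrues from elapsed time whether or not connections arrive.

```python
# Added illustration; trace and parameters below are constructed, not from the thread.

def refill_by_elapsed_time(arrivals, interval, burst):
    """Explanation 1: credit accrues at one per `interval` of elapsed time,
    regardless of connections arriving in between (token bucket)."""
    credit, prev, matched = float(burst), 0, []
    for t in arrivals:
        # Top up for the time since the previous arrival, capped at the burst.
        credit = min(burst, credit + (t - prev) / interval)
        prev = t
        if credit >= 1.0:          # enough credit: the rule matches
            credit -= 1.0
            matched.append(t)
    return matched


def refill_only_when_idle(arrivals, interval, burst):
    """Explanation 2: every arrival, matched or not, restarts the interval
    timer, so a credit is earned only after a full quiet interval."""
    credit, last_arrival, matched = burst, 0, []
    for t in arrivals:
        # Only whole quiet intervals since the last arrival earn credit.
        credit = min(burst, credit + (t - last_arrival) // interval)
        last_arrival = t
        if credit >= 1:
            credit -= 1
            matched.append(t)
    return matched


# Constructed trace: one attempt every 5 s for a minute, then one at t=130 s.
ARRIVALS = list(range(0, 61, 5)) + [130]
INTERVAL, BURST = 20, 3            # e.g. a 3/min limit with a burst of 3

if __name__ == "__main__":
    print("explanation 1:", refill_by_elapsed_time(ARRIVALS, INTERVAL, BURST))
    print("explanation 2:", refill_only_when_idle(ARRIVALS, INTERVAL, BURST))
```

Under the first model the rule keeps matching one connection per interval during sustained traffic; under the second it matches nothing after the initial burst until the traffic pauses for a full interval.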

