On 02/07/13 21:42, Tom Eastep wrote:
> On 07/02/2013 12:38 PM, Daniel Pocock wrote:
>>
>> On 02/07/13 21:20, Tom Eastep wrote:
>>> On 07/02/2013 11:07 AM, Daniel Pocock wrote:
>>>>
>>>> I've tried to create a per-IP rate limit in /etc/shorewall/rules:
>>>>
>>>> Limit(HTTPRate,25,1):none all dmz:A.B.C.D tcp http
>>>>
>>>
>>> Limit has been deprecated for some time. You should be using the 'RATE
>>> LIMIT' column.
>>
>> I understand it was deprecated and the rate limit column does work
>>
>> However, I was keen to have the per-IP rate limit to protect from crude
>> DoS attacks, and the rate limit column doesn't appear to support that.
>
> The RATE LIMIT column supports per-IP rate limiting.
>
I had come across this post which suggests that "Limit" is used for per-IP and that the RATE LIMIT column is aggregate:

http://copilotco.com/mail-archives/shorewall.2009/msg00362.html

I've just found this page as well:

http://www.shorewall.net/ConnectionRate.html

and reading it carefully, it gives me the impression that the "s:" or "d:" prefixes can create the same effect - is that correct?
