It needs more than a little fine tuning, it needs a complete rethink. If you're setting up a new box or adding new RDJ rules, any testing will be immediately blocked thus causing much woe and anguish across the land.
Once per 24 hours is way too restrictive. What you need to do is block after more than so many hits in a 24-hour period. But even then, 24 boxes behind a NATed firewall will cause headaches. So, look carefully at the logs, set your rate limiting to once every 6 hours for a starter, and if you still have problems then solve the problem properly with distributed mirrors on a round-robin DNS or similar.

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: Alex Pleiner [mailto:[EMAIL PROTECTED]
> Sent: 15 July 2004 17:57
> To: [EMAIL PROTECTED]
> Subject: Re: Lint failed - Rules Du Jour
>
> * Gary Smith <[EMAIL PROTECTED]> [2004-07-15 18:44]:
> > a result of the outage or is there a true rate limiter in effect for
> > all users? My morning 9 am run is what it dies on. I'm also
> > pulling 12 rules. So is there a specific limit rate for the rules?
>
> There is a rate limiter in effect. It still needs some
> fine-tuning, but it works. If you run RDJ once per day, you
> will never notice, as the limit is per file. If you are too
> greedy, you will be blocked for 24 hours.
> HEADs do not count for the limit.
>
> BTW, no SARE rule was updated currently, so you did not miss anything.
> Sorry (I hope to speak in the name of the other ninjas) for
> any inconvenience.
>
> Alex
>
> --
> Alex Pleiner
> zeitform Internet Dienste OHG Fraunhoferstr. 5
> 64283 Darmstadt, Germany
> http://www.zeitform.de Tel.: +49 (0)6151 155-635
> mailto:[EMAIL PROTECTED] Fax: +49 (0)6151 155-634
> GnuPG/PGP Key-ID: 0x613C21EA
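
An added example, not part of the original messages and not the mirror's actual code: a sketch of the limiter policy discussed in this thread (a per-file limit, HEAD requests not counted, a 24-hour block), comparing "once per 24 hours" with "so many hits per 24 hours" for 24 hosts behind one NAT address. The class, the thresholds, the IP address and the file path are all assumptions, as is refusing HEADs while a block is active.

```python
from collections import defaultdict, deque

DAY = 24 * 3600  # seconds


class PerFileLimiter:
    """Sliding-window limiter keyed on (client IP, file). Hypothetical sketch."""

    def __init__(self, max_hits, window=DAY, block_for=DAY):
        self.max_hits = max_hits
        self.window = window
        self.block_for = block_for
        self.hits = defaultdict(deque)  # (ip, path) -> times of counted GETs
        self.blocked_until = {}         # (ip, path) -> time the block expires

    def allow(self, ip, path, method, now):
        key = (ip, path)
        if now < self.blocked_until.get(key, 0):
            return False                # assumption: a block refuses HEADs too
        if method == "HEAD":
            return True                 # HEADs do not count toward the limit
        q = self.hits[key]
        while q and q[0] <= now - self.window:
            q.popleft()                 # drop hits older than the window
        if len(q) >= self.max_hits:
            self.blocked_until[key] = now + self.block_for
            return False
        q.append(now)
        return True


def served(limiter, requests):
    """Replay (ip, path, method, time) tuples; return how many were served."""
    return sum(limiter.allow(*r) for r in requests)


# Constructed sample traffic: 24 hosts behind one NAT address each fetch the
# same rule file once, ten minutes apart.
NAT_IP = "192.0.2.10"        # documentation address, constructed
RULE = "/rules/example.cf"   # hypothetical path
nat_fetches = [(NAT_IP, RULE, "GET", i * 600) for i in range(24)]

if __name__ == "__main__":
    print("once per 24 h:   ", served(PerFileLimiter(1), nat_fetches), "of 24 served")
    print("30 hits per 24 h:", served(PerFileLimiter(30), nat_fetches), "of 24 served")
```

Because the key is the source address, every host behind the NAT shares one budget; raising the threshold helps only until the site outgrows it, which is why the thread also suggests mirrors.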
