Sorry for the stupid question, but how would I rate limit connections using iptables?
I was thinking of the patch-o-matic-ng patches connlimit and connrate, though I've never used either and they may or may not be expensive for many connections compared to perflow.
Connrate lets you mark packets if they are above limits - you could then drop those later in a filter table or with a TC filter/queue.
regards
Thomas
-----Original Message-----
From: Andy Furniss [mailto:andy.furniss@xxxxxxxxxxxxx]
Sent: Tuesday, 03 May 2005 16:43
To: Andy Furniss
Cc: mandl.t@xxxxxxxxx; 'LARTC'
Subject: Re: AW: urgent question about tcng!
Andy Furniss wrote:
I don't know tcng, but the reason I suggested perflow is that you want each flow to have a ceil - unless you make a class and rule to match each flow I can't see how you can do this. Also iptables could limit the number of connections - tc can't, perflow can.
Forgot to say you can also use iptables to limit rate per connection.
Andy.
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc