That's correct?

# Create average
iptables -N average

# Restrict the number of parallel connections per client IP
iptables -A average -m connlimit --connlimit-above 20 -j REJECT

# Traffic rate control above the lower limit per client IP
iptables -A average -m connlimit ! --connlimit-above 20 \
         -m fuzzy --lower-limit 100 --upper-limit 1000 -j REJECT

# Allow the traffic below the lower limit
iptables -A average -m connlimit ! --connlimit-above 20 -j ACCEPT

thanks,
julio