On Sun, 2 Nov 2003, Peteris Krumins wrote:

> Wednesday, October 29, 2003, 9:12:01 PM, you wrote:
>
> jso> Hallo Robert,
>
> jso> On Wed, 29 Oct 2003 13:31:10 -0500 (EST)
> jso> "Robert P. J. Day" <rpjday@xxxxxxxxxxxxxx> wrote:
>
> >>
> >> it's not clear from the man page how to reverse the meaning
> >> of a limit match. if i want to accept everything *over* a given
> >> limit, i'm supposed to use the "!". but where? is it like
> >> this?
> >>
> >> -m ! limit -- limit ... etc etc ...
> jso> -m limit ! --limit ...
> >>
> jso> Take a look at http://iptables-tutorial.frozentux.net/ . There will you
> jso> find a good tutorial for iptables.
>
>
> Limit cannot be negated...

from the iptables man page:

    limit
        This module matches at a limited rate using a token bucket filter.
        A rule using this extension will match until this limit is reached
        (unless the ! flag is used). It can be used in combination with
        the LOG target to give limited logging, for example.

so the man page clearly suggests that the limit match can be negated.
i'm just not sure how one would do it. what's the syntax?

rday
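
The token bucket behaviour described in the man page excerpt above, as an added example that is not part of the original thread and not iptables' own code: a simplified Python model of a limit match with a rate and a burst, showing which packets the rule matches and which fall through to the next rule in the chain. The class and function names and the sample timestamps are assumptions made for illustration; `rate_per_sec` and `burst` stand in for the `--limit` and `--limit-burst` options.

```python
# Added illustration: simplified model of a token-bucket rate match.
# Names are hypothetical; packet timestamps are constructed sample data.

class LimitMatch:
    """Token bucket: starts full, refills at `rate` tokens/second up to `burst`."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = float(burst)
        self.last = None  # timestamp of the previous packet seen

    def matches(self, now):
        # Refill for the time elapsed since the last packet, capped at burst.
        if self.last is not None:
            elapsed = now - self.last
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True    # within the limit: the rule matches
        return False       # limit reached: the rule does not match


def classify(timestamps, rate_per_sec, burst):
    """Model a two-rule chain: rule 1 carries the limit match; any packet it
    does not match falls through to rule 2, which sees only over-limit traffic."""
    rule1 = LimitMatch(rate_per_sec, burst)
    return ["within-limit" if rule1.matches(t) else "over-limit"
            for t in timestamps]


# Constructed sample: eight packets 100 ms apart, then one after a quiet gap.
SAMPLE = [0.0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 5.0]

if __name__ == "__main__":
    verdicts = classify(SAMPLE, rate_per_sec=1.0, burst=5)
    for t, verdict in zip(SAMPLE, verdicts):
        print(f"t={t:4.1f}s  {verdict}")
```
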