Ray Leach wrote:
> On Thu, 2004-02-05 at 00:31, Nuutti Kotivuori wrote:
>> The 'connbytes' match in the patch-o-matic matches on cumulative
>> transfer amounts on a per connection basis. The 'limit' match
>> matches packets on a simple token bucket implementation. Combining
>> these two to something which matches bytes on a simple token bucket
>> per connection would create the desired result.
>
> Could you not do it then by using two user defined chains, one for
> limit match and one for connbytes?

Nay. If you think about what I am wanting, it should be obvious that
it can't work.

Anyway, I cooked up a patch to do what I wanted - I posted it on the
netfilter-devel list just recently. It's still in development and very
basic, but seems to work fine.

-- Naked
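
The following sketch is an added illustration. It is not part of the original message and is not the patch mentioned in it. It shows the idea under discussion, a token bucket counted in bytes and kept per connection, where the stock 'limit' match keeps one packet-counting bucket per rule. The struct and function names (`conn_bucket`, `bucket_init`, `bucket_match`) and the millisecond clock are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-connection state: a token bucket counted in bytes. */
struct conn_bucket {
    uint64_t tokens;   /* bytes currently available */
    uint64_t burst;    /* bucket capacity, bytes */
    uint64_t rate;     /* refill rate, bytes per second (must be > 0) */
    uint64_t last_ms;  /* time of the last refill, milliseconds */
};

void bucket_init(struct conn_bucket *b, uint64_t rate, uint64_t burst,
                 uint64_t now_ms)
{
    b->tokens = burst;
    b->burst = burst;
    b->rate = rate;
    b->last_ms = now_ms;
}

/* Return 1 and charge the bucket if pkt_len bytes fit the budget, else 0. */
int bucket_match(struct conn_bucket *b, uint32_t pkt_len, uint64_t now_ms)
{
    uint64_t elapsed = now_ms - b->last_ms;
    uint64_t full_ms = b->burst * 1000 / b->rate + 1; /* empty -> full */
    if (elapsed >= full_ms) {          /* also avoids overflow below */
        b->tokens = b->burst;
        b->last_ms = now_ms;
    } else if (elapsed * b->rate >= 1000) {   /* at least one byte earned */
        uint64_t sum = b->tokens + elapsed * b->rate / 1000;
        b->tokens = sum > b->burst ? b->burst : sum;
        b->last_ms = now_ms;
    }
    if (pkt_len > b->tokens)
        return 0;
    b->tokens -= pkt_len;
    return 1;
}

int main(void)
{
    struct conn_bucket a, b;           /* constructed: two tracked connections */
    bucket_init(&a, 1000, 3000, 0);
    bucket_init(&b, 1000, 3000, 0);
    for (int i = 0; i < 3; i++)        /* connection A sends 3 x 1500 bytes at t=0 */
        printf("A pkt %d: %d\n", i, bucket_match(&a, 1500, 0));
    printf("B pkt 0: %d\n", bucket_match(&b, 1500, 0)); /* B still has budget */
    return 0;
}
```

Because each connection carries its own bucket, one connection that exhausts its byte budget does not change whether packets on another connection match.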