Can't confirm limit rule works with tcpdump output.

Ok, I have this rule in my firewall:

iptables -A INPUT -p udp -d <HOSTA> --dport 1646 -m limit ! --limit 10/sec --limit-burst 20 -j LOG --log-prefix "IPTABLES Radius limit: "

From what I have read this should create a bucket that can hold 20 tokens and fill it at a rate of 10 tokens per second. For every packet with the DST address <HOSTA> on port 1646 take a token out of the bucket. If the bucket is completely empty then match (because of negation) and process the LOG target.

This is not what happens because my tcpdump output shows nothing close to 10 packets per second yet the rule matches and logs.

I know I'm missing something here; can someone point it out to me?

Thanks,
schu
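
The token-bucket behaviour described in the post, as an added Python model (not kernel code, and not part of the original message): a constructed packet trace is run through a bucket with the rule's parameters (capacity 20, refilled at 10/sec, one token per packet) to see which packets a negated `-m limit ! --limit 10/sec --limit-burst 20 -j LOG` rule would log. It assumes a simplified floating-point credit, whereas the real xt_limit module keeps an integer credit in fixed time units, so exact boundary behaviour can differ.

```python
"""Model of the iptables `limit` match as a token bucket, applied to a
constructed packet trace, to see which packets a negated rule
(-m limit ! --limit 10/sec --limit-burst 20 -j LOG) would log.

Added illustration, not kernel code: real xt_limit keeps its credit as an
integer in fixed time units, so boundary behaviour differs slightly."""
from dataclasses import dataclass, field


@dataclass
class LimitMatch:
    """One token bucket shared by every packet that reaches the rule."""
    rate_per_sec: float           # --limit: tokens added per second
    burst: int                    # --limit-burst: bucket capacity
    credit: float = field(init=False)
    last_t: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.credit = float(self.burst)   # bucket starts full

    def match(self, t: float) -> bool:
        """True (and one token consumed) if a token is available at time t."""
        refill = (t - self.last_t) * self.rate_per_sec
        self.credit = min(float(self.burst), self.credit + refill)
        self.last_t = t
        if self.credit >= 1.0:
            self.credit -= 1.0
            return True
        return False


def logged_packets(trace, rate_per_sec=10.0, burst=20, negate=True):
    """Indices of packets in `trace` (sorted arrival times in seconds) that
    reach the LOG target. With negate=True the rule fires exactly when the
    bucket is empty, as in the rule under discussion."""
    bucket = LimitMatch(rate_per_sec, burst)
    return [i for i, t in enumerate(trace) if bucket.match(t) != negate]


def average_rate(trace):
    """Packets per second over the whole trace."""
    span = trace[-1] - trace[0]
    return len(trace) / span if span > 0 else float("inf")


# Constructed trace: a burst of 25 packets at t=0, then 5 packets at t=10.
# The average is 3 pkt/s, well under 10/sec, yet the burst alone drains the
# 20-token bucket, so the last 5 packets of the burst are logged.
TRACE = [0.0] * 25 + [10.0] * 5

if __name__ == "__main__":
    print("logged packet indices:", logged_packets(TRACE))   # [20, 21, 22, 23, 24]
    print("average rate: %.1f pkt/s" % average_rate(TRACE))  # 3.0
```

The model shows that what matters to the rule is burstiness, not the average packet rate a tcpdump summary suggests: any window in which more than 20 packets arrive faster than the bucket refills produces LOG hits.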

