On Tue, Nov 02, 2004 at 06:23:22AM +0200, Brent Clark wrote:
> Hi
>
> Could anyone please explain to me the lamens terms for --match -limit.
> I dont understand whats it for, or where you use it.
>
> Kind Regards
> Brent Clark
the limit match limits the rate at which a rule will match.
the rule will match the average number events per time period specified
by "--limit", but may match up to "--limit-burst" number of events
initially, and for every "--limit" time period that passes without
a match.
it is most commonly used in rules to (a) throttle the volume of logging
that can take place and (b) protect from SYN floods.
-j
--
"It is better to remain silent and thought a fool, than open your
mouth and remove all doubt."
--The Simpsons
