Re: hashlimit


 



On Wed, Nov 03, 2004 at 03:08:39PM +0100, Gerben Roest wrote:
> Dear Harald,
> 
> thanks for your work on the hashlimit match for iptables. Can you tell me 
> if there will be a "srclimit"-type parameter for hashlimit?
> I want to be able to limit the amount of new connections per time-frame, 
> per source host (which I don't have to name explicitly). Will that be 
> possible in the future?

hashlimit already has support for this (mode srcip). This is what makes the
difference between the old 'dstlimit' and the new 'hashlimit' match.

To quote from the help message:

hashlimit v1.3.0 options:
--hashlimit <avg>               max average match rate
                                [Packets per second unless followed by 
                                /sec /minute /hour /day postfixes]
--hashlimit-mode <mode>         mode is a comma-separated list of
                                        dstip,srcip,dstport,srcport
--hashlimit-name <name>         name for /proc/net/ipt_hashlimit/
[--hashlimit-burst <num>]       number to match in a burst, default 5
[--hashlimit-htable-size <num>] number of hashtable buckets
[--hashlimit-htable-max <num>]  number of hashtable entries
[--hashlimit-htable-gcinterval] interval between garbage collection runs
[--hashlimit-htable-expire]     after which time are idle entries expired?


> thanks,
> best regards,
> Gerben Roest.

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: signature.asc
Description: Digital signature
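
A per-source limit on new connections built from the options in the help text above, as an added example that is not part of the original message. The function name, port 22, rate 3/minute, burst 5 and table name ssh_new are constructed values, and the `--syn` / `-m state --state NEW` matches are standard iptables matches not shown on this page.

```shell
#!/bin/sh
# Added example: limit NEW TCP connections per source host with
# hashlimit in mode srcip. All sample values are constructed.

# Dry run by default: rules are printed, not installed.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"

# per_source_new_limit <port> <rate> <burst> <name>  (hypothetical helper)
per_source_new_limit() {
    port="$1"; rate="$2"; burst="$3"; name="$4"

    # Rate is a number, optionally followed by one of the postfixes
    # listed in the help message.
    num="${rate%%/*}"; unit="${rate#"$num"}"
    case "$num" in ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1;; esac
    case "$unit" in ''|/sec|/minute|/hour|/day) ;;
        *) echo "bad rate unit: $rate" >&2; return 1;; esac
    case "$port"  in ''|*[!0-9]*) echo "bad port" >&2;  return 1;; esac
    case "$burst" in ''|*[!0-9]*) echo "bad burst" >&2; return 1;; esac
    # The name becomes an entry under /proc/net/ipt_hashlimit/,
    # so keep it to a conservative character set.
    case "$name" in ''|*[!A-Za-z0-9_-]*) echo "bad name" >&2; return 1;; esac

    # Rule 1: each source IP gets its own bucket (mode srcip). While a
    # source stays under the rate, its new connections are accepted.
    $IPT -A INPUT -p tcp --dport "$port" --syn -m state --state NEW \
        -m hashlimit --hashlimit "$rate" --hashlimit-mode srcip \
        --hashlimit-burst "$burst" --hashlimit-name "$name" -j ACCEPT || return 1

    # Rule 2: hashlimit only matches while under the limit, so anything
    # that falls through rule 1 is over the limit for that source.
    $IPT -A INPUT -p tcp --dport "$port" --syn -m state --state NEW -j DROP
}

per_source_new_limit 22 3/minute 5 ssh_new
```

Once installed, the per-source entries can be inspected under /proc/net/ipt_hashlimit/ssh_new.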

