Jorge Agrelo wrote:
Yes, I want to limit (drop) as soon as we receive more than 1 packet/s, regardless of the source address. Is there any other way to do that without using limit match with negation?
AFAIK, there isn't.
Regards
The patch below is against ipt_limit.c from 2.6.10. It's *untested* but reflects what I told you. It's just an example of how you can make this module behave the other way around.
(NOTE: ipt_limit.c was written to avoid flooding -j LOG)
HTH,
Samuel
--- ipt_limit.c 2005-01-13 20:14:10.000000000 -0500 +++ ipt_limit.c.orig 2005-01-13 20:13:19.000000000 -0500 @@ -82,11 +82,11 @@ /* We're not limited. */ r->credit -= r->cost; spin_unlock_bh(&limit_lock); - return 0; + return 1; } spin_unlock_bh(&limit_lock); - return 1; + return 0; } /* Precision saver. */
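Review bot: The diff direction looks reversed. The `---` side is ipt_limit.c (timestamp 20:14:10) and the `+++` side is ipt_limit.c.orig (timestamp 20:13:19), and in the "We're not limited" branch the added line is `return 1;`, so applied as posted the hunk turns the edited file into the one named .orig instead of inverting the match. Regenerate it with the .orig file as the first argument to diff, or say in the message that it has to be applied with patch -R. Because the hunk swaps both return values unconditionally, the posting should also state that every rule using the limit match on a kernel built with this change sees the inverted result, not only the rule being discussed.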