Hi.

On 07/19/2005 10:13 PM, Jan Engelhardt wrote:
> You could use dstlimit with --dstlimit-mode srcip-dstip
> and probably save some rules.
>
> With dstlimit, you also get an overview of which connections are currently
> limited, and their burst status, in /proc/net/ipt_dstlimit/DSTLIMIT_NAME
> It's because I think some burst math allows a second packet to sneak in.

Won't I have the same problem with it?

According to
http://www.netfilter.org/patch-o-matic/pom-obsolete.html#pom-obsolete-dstlimit,
it's deprecated by hashlimit, but on
http://www.netfilter.org/patch-o-matic/pom-submitted.html#pom-submitted-hashlimit,
I can't find any information on how to use it in my case...

Do you know where to look for it, or do you have an example of how to
redirect a single host or a bunch of hosts once a day to the local apache
when they try to make their first http connection, similar to

    /sbin/iptables -t nat -I PREROUTING -p tcp -s $IP -i $LAN_DEV --sport 1024: --dport 80 --syn -m limit --limit 1/d --limit-burst 1 -j REDIRECT --to-port 5000

Michael

--
PGP Public Key: http://www.num.math.uni-goettingen.de/schachte/key.asc
Key fingerprint: C474 8B85 17C0 0232 E439 0FBF 2451 E452 293C D798