On Thu, 30 Mar 2006 07:45:01 +0200
"Rob Sterenborg" <rob@xxxxxxxxxxxxxxx> wrote:

> >> $ipt -A [INPUT|FORWARD] -i $IF_LAN -m state --state NEW -s $LAN_NET \
> >> -p tcp --syn -m limit --limit 3/sec -j ACCEPT
> >
> > If just ONE host from my $LAN_NET exceeds this limit, then ALL
> > hosts in $LAN_NET will not be able to start a new session... and this is
> > bad. I want to limit 3/sec per host, not for the whole net....
>
> Yes.. :-\
> Maybe this post is of help then.
> http://www.linux-noob.com/forums/index.php?showtopic=1829

I saw it... "-m recent" has only 1 second sampling... I can't handle a
situation of 3/sec etc.....

I found the "-m dstlimit" module, which is handy, *but* for my situation I
want the same but with the packet rate limited per SOURCE IP....
inverted dstlimit :)

Any ideas? :/

-- 
Biomechanica Artificial Sabotage Humanoid
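
Added example, not part of the original message: a small Python model of the token bucket behind `-m limit --limit 3/sec`, comparing one bucket shared by the whole LAN with one bucket per source address, the behaviour asked for above. The addresses, the traffic pattern and the burst size of 3 are constructed assumptions.

```python
from collections import defaultdict

RATE_PER_SEC = 3   # --limit 3/sec from the quoted rule
BURST = 3          # assumed burst size for this example
COST = 1000        # one packet costs 1000 milli-tokens (integer math, no float drift)


class TokenBucket:
    def __init__(self):
        self.tokens = BURST * COST
        self.last_ms = 0

    def allow(self, now_ms):
        # Refill: RATE_PER_SEC tokens/sec equals RATE_PER_SEC milli-tokens per ms.
        refill = (now_ms - self.last_ms) * RATE_PER_SEC
        self.tokens = min(BURST * COST, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= COST:
            self.tokens -= COST
            return True
        return False


def simulate(events, per_source):
    """events: list of (time_ms, src_ip). Returns {src_ip: accepted NEW connections}."""
    shared = TokenBucket()
    # Unbounded table for brevity; a real filter must cap and expire entries.
    per_src = defaultdict(TokenBucket)
    accepted = {src: 0 for _, src in events}
    for now_ms, src in sorted(events):
        bucket = per_src[src] if per_source else shared
        if bucket.allow(now_ms):
            accepted[src] += 1
    return accepted


# Constructed traffic: one host sends a SYN every 20 ms for 2 s,
# another host opens only three connections in the same period.
NOISY, QUIET = "192.0.2.66", "192.0.2.10"
EVENTS = [(t, NOISY) for t in range(0, 2000, 20)] + \
         [(t, QUIET) for t in (510, 1010, 1510)]

if __name__ == "__main__":
    print("shared bucket    :", simulate(EVENTS, per_source=False))
    print("per-source bucket:", simulate(EVENTS, per_source=True))
```

With the shared bucket the quiet host gets no connection through while the noisy one is active; with per-source buckets it gets all three. In iptables itself, per-source buckets of this kind are what the hashlimit match provides with `--hashlimit-mode srcip`.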