On 01/08/07 14:43, Jan Engelhardt wrote:
-m connlimit
Not to be a stickler, but does connlimit have a way to control the total number of combined in AND out bound connections a host has? I.e. if you were to run this on a gateway where you wanted to limit a computer behind it to a grand total of 10 connections? Wouldn't connlimit usually be applied in such a way as to watch traffic in one direction and another rule to watch the traffic in the other direction? I.e. 10 outbound connections in addition to 3 inbound connections thus totaling 13 connections? Or does connlimit take care of this internally?
I think an answer that I have seen to this in the past has used bridging where you would watch for packets entering the bridge and leaving the bridge at the same time. This way, one rule would catch all inbound AND outbound traffic.
Thoughts / comments / opinions / suggestions are welcomed. Grant. . . .
