Hi all.

I am trying to start using the hashlimit module and I'm a bit lost. I read the manual but it wasn't so helpful to me. Indeed I'm not understanding the burst option very well. During my tests I believed that the burst was the maximum amount of packets allowed (depending on the unit used, second or minute for example).

Here is my test rule:

    iptables -A INPUT -m hashlimit --hashlimit-name synflood --hashlimit-upto 100/s \
        --hashlimit-mode srcip --hashlimit-htable-expire 300000 \
        --hashlimit-burst 150 \
        -j ACCEPT

So with these values I believed that an IP can do up to 150 requests per second. When the burst limit is reached the IP can't do more than the "hashlimit-upto" parameter (so no more than 100 r/s here).

In /proc/net/ipt_hashlimit/synflood, after one request, I can see:

    230 10.59.128.41:0->0.0.0.0:0 47680 48000 320

So that means the burst limit will be available again when 48000 is reached (third column) or when this entry is cleared from the hash table. Am I wrong? According to http://www.spinics.net/lists/netfilter/msg52926.html it seems so :/

Also if someone can tell me why "one second" seems to be "32000" I would be glad too.

Thanks in advance.

Regards.
MHT

PS: Sorry for my English and maybe for this noob question but I don't read C code.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
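The following is an added worked example, not part of the post above and not netfilter's own code. It models the three counters printed in the /proc line (credit, credit_cap, cost) as a token bucket, using only the numbers the post already gives: each matching packet costs 320 credits, the balance is capped at 150 * 320 = 48000, and it refills at 100 * 320 = 32000 credits per second. The assumption is that this is the standard hashlimit credit scheme; the model accounts in integer milliseconds rather than kernel jiffies so the arithmetic is exact. Running it shows what the burst parameter actually does with this rule: a fresh source gets 150 packets through immediately, then one packet per 10 ms (100/s), and the full burst is available again after 1.5 s of silence (burst / rate), not only when the entry is cleared from the hash table.

```python
"""Token-bucket model of the iptables hashlimit counters (constructed example).

Assumes the usual hashlimit credit scheme: every matching packet costs COST
credits, credits refill at COST * rate per second, and the balance is capped at
CREDIT_CAP = burst * COST. The numbers come from the rule and the
/proc/net/ipt_hashlimit line quoted in the post; the real kernel accounts in
jiffies, this model uses integer milliseconds for exactness.
"""

RATE_PER_SEC = 100                      # --hashlimit-upto 100/s
BURST = 150                             # --hashlimit-burst 150
COST = 320                              # credits per packet (last column of the /proc line)
CREDIT_CAP = BURST * COST               # 48000, the credit_cap column
REFILL_PER_SEC = RATE_PER_SEC * COST    # 32000 credits per second
REFILL_PER_MS = REFILL_PER_SEC // 1000  # 32, exact for these values


class HashlimitEntry:
    """One srcip entry of the hash table (credit, credit_cap, cost)."""

    def __init__(self, first_seen_ms):
        self.credit = CREDIT_CAP        # a fresh entry starts with a full burst
        self.last_ms = first_seen_ms

    def _refill(self, now_ms):
        # Credits accrue linearly with time, never above the cap.
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        self.credit = min(CREDIT_CAP, self.credit + elapsed * REFILL_PER_MS)

    def packet(self, now_ms):
        """Return True if the packet matches the rule (ACCEPT in the post's rule)."""
        self._refill(now_ms)
        if self.credit >= COST:
            self.credit -= COST
            return True
        return False


def simulate(packet_times_ms):
    """Feed a sorted list of packet arrival times (ms) from one source IP
    through the bucket and report how many matched, plus the final credit."""
    if not packet_times_ms:
        return {"accepted": 0, "rejected": 0, "credit": CREDIT_CAP}
    entry = HashlimitEntry(packet_times_ms[0])
    accepted = rejected = 0
    for t in packet_times_ms:
        if entry.packet(t):
            accepted += 1
        else:
            rejected += 1
    return {"accepted": accepted, "rejected": rejected, "credit": entry.credit}


if __name__ == "__main__":
    # One packet: credit drops from 48000 to 47680, as in the /proc line.
    print("one packet:", simulate([0]))
    # 1000 packets in one instant: exactly 150 (the burst) get through.
    print("1000 packets at once:", simulate([0] * 1000))
    # Burst, then 1 pkt/ms for a second: 100 more match (one every 10 ms).
    print("burst then 1 pkt/ms for 1 s:", simulate([0] * 1000 + list(range(1, 1001))))
    # After 1.0 s idle only 100 credits' worth has refilled; after 1.5 s, all 150.
    print("burst, 1.0 s idle, burst:", simulate([0] * 150 + [1000] * 150))
    print("burst, 1.5 s idle, burst:", simulate([0] * 150 + [1500] * 150))
```

The useful reading of the /proc line under this model is therefore: the third column is the current balance, the fourth is the ceiling it refills toward, and the fifth is the price of one packet, so balance / cost is how many packets the source can still send right now without being rate-limited.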