Hi all.

I currently have iptables rules like the following in the raw table:

    -A PREROUTING -p tcp --dport 1234 --syn -m limit --limit 10000/sec --limit-burst 10000 -j ACCEPT
    -A PREROUTING -p tcp --syn -j DROP

Unfortunately, it seems like 10000 is the highest limit and limit-burst can go. I could duplicate that rule multiple times to get higher, but that would create a massive file for the limits I want, and would likely create a much greater slowdown than what could be achieved with a more flexible module.

Does anyone have thoughts on a way to get some sort of rate-limiting (TBF or otherwise) that can handle more PPS than the limit module while still being as efficient as possible?

--
Darius Jahandarie