Hi!

On Sun, Jun 22, 2008 at 11:29 PM, howard chen <howachen@xxxxxxxxx> wrote:
> Hi,
>
> On Sun, Jun 22, 2008 at 1:23 AM, Jose Ildefonso Camargo Tolosa
>> for 1: maybe iptables + l7filter ( http://l7-filter.sourceforge.net/ ).
>> for 2: iptables, yup, plain iptables.
>> for 3: not sure... but maybe iptables + l7filter too.
>>
>
> The problem with iptables is that it is NOT suitable to handle a lot of
> rules; it has been discussed on the netfilter mailing list before...

It didn't sound like you needed *a lot* of rules. A rate limit, well, a basic
rate limit (connections/minute), would take around two to three rules (I don't
remember right now). You should have said that you needed to handle > X rules
(replace X with your number), and even more so if you knew that your number was
well "above normal".

I agree, you should describe your requirements, so that we can be more useful.

Ildefonso.
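As an added illustration of the "two to three rules" estimate above (this is not code from the thread or from the netfilter project), here is a small POSIX sh helper that emits a per-source-address rate limit on new TCP connections using the iptables `hashlimit` match. The port, rate and burst values, the chain name `INPUT`, and the rule name prefix `rl_` are assumptions chosen for the example; the script prints the rules by default and only applies them when `DRY_RUN=0` and it is run as root.

```sh
#!/bin/sh
# Added example, not from the original thread: per-source new-connection
# rate limit with the iptables hashlimit match. Assumes an earlier rule in
# INPUT already accepts ESTABLISHED,RELATED traffic, so only NEW connections
# are counted here.
IPT="${IPT:-iptables}"   # assumption: the iptables binary is on PATH

# Print the rules limiting new TCP connections to port $1 to $2 per minute
# per source address, with a burst of $3; anything above the limit is dropped.
ratelimit_rules() {
    port=$1; rate=$2; burst=$3
    name="rl_${port}"    # hashlimit table name (assumed prefix for this example)
    # Rule 1: accept new connections while the per-source rate is within limit.
    echo "$IPT -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW" \
         "-m hashlimit --hashlimit-name $name --hashlimit-mode srcip" \
         "--hashlimit-upto ${rate}/minute --hashlimit-burst $burst -j ACCEPT"
    # Rule 2: drop the new connections that rule 1 did not accept.
    echo "$IPT -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j DROP"
}

# How many rules one limit costs in INPUT; this is the number the message
# estimates at two to three.
ratelimit_rule_count() {
    ratelimit_rules "$@" | wc -l | tr -d ' '
}

# Print the rules (default) or execute them when DRY_RUN=0.
apply_ratelimit() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        ratelimit_rules "$@"
    else
        ratelimit_rules "$@" | sh
    fi
}

# Usage (dry run, prints the two rules for port 80, 60 new conn/min, burst 20):
apply_ratelimit 80 60 20
```

Rule order matters: the ACCEPT in rule 1 fires before any later INPUT rules, so place the pair where it belongs relative to your other filtering, and verify the counters afterwards with `iptables -L INPUT -v -n`. Using `--hashlimit-above ... -j DROP` instead would fold both into a single rule.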