IPTables limit module
Hi, I'm confused about the limit module. Please take a look at what is quoted below from netfilter.org.
Quote:
Now, the statement below says that only 5 connections will be logged, so that means it's the limit-burst. Why is it not 8? Because the limit is 3? Does that mean the number on limit is useless? Please enlighten me; also refer to the question in the statement below the command. Thanks! Also, how is the credit refresh time calculated?
Think of it as a bucket of tokens. The limit-burst is the size of the bucket, in this case 5 tokens. The "--limit 3/hour" is the rate at which new tokens get added to the bucket as long as it is not full. Each successful match removes one token from the bucket.
Since you don't know when those 3/hour ticks are coming along, you can't know it exactly. The feature isn't intended for precise measurements. I looked around for some way to see the current state of that bucket, but couldn't find anything.
Yes. Of course the bucket does not have to fill completely, just be non-empty. For the given example (3/hour), a new token will arrive every 20 minutes. As soon as that occurs, another packet could satisfy the match, which would again empty the bucket. In 20 more minutes, another token will be added to the bucket. The bucket can never hold more than 5 tokens (--limit-burst 5).
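A small simulation of the bucket described in the two replies above, added here as an example; it is not code from the original posts or from the netfilter project. It models --limit and --limit-burst as a token bucket with exact fractional arithmetic, so the numbers are reproducible. The kernel's xt_limit keeps an integer credit counter in its own units, so the token levels printed here are a model of the behaviour, not the kernel's internal values. The packet arrival times are constructed: eight packets at once, then one every ten minutes.

```python
"""Token-bucket model of the iptables limit match (-m limit).

Simplified model (assumption): tokens are exact fractions and refill
continuously at the --limit rate; the kernel's xt_limit uses integer
credits instead, but the match/no-match pattern is the same.
"""
from fractions import Fraction

# seconds per time unit accepted by --limit (iptables also accepts prefixes
# such as "h" or "min"; the default unit when none is given is seconds)
SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rate(spec: str) -> Fraction:
    """Turn a --limit spec such as '3/hour' into tokens per second."""
    count, _, unit = spec.partition("/")
    unit = unit or "second"
    for name, secs in SECONDS.items():
        if name.startswith(unit):
            return Fraction(int(count), secs)
    raise ValueError(f"unknown unit in --limit spec: {spec!r}")


class LimitMatch:
    """One rule's bucket: --limit-burst tokens of capacity, refilled at --limit."""

    def __init__(self, limit: str, burst: int = 5):
        self.rate = parse_rate(limit)     # tokens added per second
        self.burst = burst                # bucket capacity (iptables default 5)
        self.tokens = Fraction(burst)     # the bucket starts full
        self.last = 0                     # time (s) the bucket was last updated

    def match(self, now: int) -> bool:
        """Evaluate the rule for a packet seen at time `now` (seconds)."""
        # Add the tokens earned since the last packet, but never exceed the burst.
        self.tokens = min(Fraction(self.burst),
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        # A match costs exactly one token; with no token left the rule
        # does not match and the packet falls through to later rules.
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate(limit: str, burst: int, arrivals):
    """Run a list of packet arrival times through one rule; return (t, matched)."""
    rule = LimitMatch(limit, burst)
    return [(t, rule.match(t)) for t in arrivals]


def matched_count(limit: str, burst: int, arrivals) -> int:
    """How many of the packets the rule matched (e.g. would be logged)."""
    return sum(1 for _, hit in simulate(limit, burst, arrivals) if hit)


if __name__ == "__main__":
    # Constructed input: a burst of 8 packets at t=0, then one every 10 minutes.
    arrivals = [0] * 8 + [600 * k for k in range(1, 7)]
    for t, hit in simulate("3/hour", 5, arrivals):
        print(f"t={t:5d}s  {'MATCH' if hit else 'no match'}")
```

Running it shows the answer to the question: of the eight packets at t=0 only five match (the bucket held --limit-burst 5 tokens), the packets at 10 and 30 minutes find only half a token, and the ones at 20, 40 and 60 minutes match because a whole token has accumulated by then, which is the 3/hour rate.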