I thought that the burst part was a little more complcated that that. In the first instance you can get 3 pps however iptables won't allow 3 pps in the next second due to its cooldown mechanism. Each time "limit" is passed e.g. 1 second in this case the cooldown decrements by 1 e.g. you'll get a 3 pps burst in first second but second two will only allow 1 as there hasn't been any cooldown. If however second two is quiet the count would have decremented by 1 which would then allow a 2 packet burst in second 3 but not a 3 pkt burst.
e.g.
Quote:
‐‐limit rate: Maximum average matching rate: specified as a number, with an optional ‘/second’, ‘/minute’, ‘/hour’, or ‘/day’ suffix; the default is 3/hour.
‐‐limit‐burst number: Maximum initial number of packets to match: this number gets recharged by one every time the limit specified above is not reached, up to this number; the default is 5.
|
Have I interpreted this wrongly?