[netfilter-cvslog] r3236 - trunk/patch-o-matic-ng/hashlimit
/C=DE/ST=Berlin/L=Berlin/O=Netfilter
Wed Oct 20 13:06:28 CEST 2004
Author: /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge at netfilter.org
Date: 2004-10-20 13:06:27 +0200 (Wed, 20 Oct 2004)
New Revision: 3236
Added:
trunk/patch-o-matic-ng/hashlimit/help
Log:
add help file for hashlimit
Copied: trunk/patch-o-matic-ng/hashlimit/help (from rev 3235, trunk/patch-o-matic-ng/dstlimit/help)
===================================================================
--- trunk/patch-o-matic-ng/dstlimit/help 2004-10-20 11:01:35 UTC (rev 3235)
+++ trunk/patch-o-matic-ng/hashlimit/help 2004-10-20 11:06:27 UTC (rev 3236)
@@ -0,0 +1,28 @@
+
+This patch adds a new match called 'hashlimit'.
+The idea is to have something like 'limit', but either per
+destination-ip or per (destip,destport) tuple.
+
+It gives you the ability to express
+ '1000 packets per second for every host in 192.168.0.0/16'
+ '100 packets per second for every service of 192.168.1.1'
+with a single iptables rule.
+
+Parameters are:
+ --hashlimit <rate>
+ A rate just like the limit match
+ --hashlimit-burst <num>
+ Burst value, just like limit match
+ --hashlimit-mode destip | destip-destport
+ Limit per IP or per port
+ --hashlimit-name foo
+ The name for the /proc/net/ipt_hashlimit/foo entry
+ --hashlimit-htable-size <num>
+ The number of buckets of the hash table
+ --hashlimit-htable-max <num>
+ Maximum entries in the hash
+ --hashlimit-htable-expire <num>
+ After how many miliseconds do hash entries expire
+ --hashlimit-htable-gcinterval <num>
+ How many miliseconds between garbage collection intervals
+
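Review bot: The `--hashlimit-htable-max` entry says only "Maximum entries in the hash" and does not state what the match does for a new destination once that limit is reached. That is the case an administrator sizing the table against a flood of distinct destinations needs documented, so please add a sentence on the behaviour at the limit, and note which of the htable parameters are optional and what their defaults are. Two smaller points in the same list: the `--hashlimit-mode` description "Limit per IP or per port" does not match the introduction, which describes the second mode as per (destip,destport) tuple, so "per destination IP or per (destination IP, destination port) tuple" would be clearer; and "miliseconds" should read "milliseconds" in both the `--hashlimit-htable-expire` and `--hashlimit-htable-gcinterval` entries.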