SV: Rate limiting ???
Christian Rasmussen
chr@egebjerg.com
Wed, 3 Oct 2001 00:47:22 +0200
Hi Daniel,
Unfortunately traffic from a.a.a.a will be affected.
Rate limiting is not based on individual connections, which means that
for example a rate limit on icmp means that if someone triggers the
specified limit noone else will be able to ping.
Regards
Christian Rasmussen
> -----Oprindelig meddelelse-----
> Fra: Daniel F. Advanced UNIX Hosting Admin -
> [mailto:danielf@supportteam.net]
> Sendt: 2. oktober 2001 22:36
> Til: netfilter@lists.samba.org
> Emne: Rate limiting ???
>
>
> Rate limiting may not be the corret terminology for iptables.
>
>
> I understand you can rate limit traffic with ipstables, maybe
> I miss read
> this some where.
>
> My question is, if this is true,
>
> Does it rate limit all connectinos to a sigle limit or does
> it look at it in
> a connection by connection basis.
>
> In other words if IP x.x.x.x is doing a SYN flood and you
> have rate limiting
> of 10/second, and he pushing SYNs in at 30/second then he
> will be limited.
> But traffic from IP a.a.a.a whos only doing 2-4 SYNs /
> second is untouched
> by the rate limiting.
>
> I hope that was clear.
>
> TIA
>
>
> --
> Advanced Hosting UNIX Admin | Daniel Fairchild
> danielf@supportteam.net
>
> Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
>