extensions/libxt_limit.man - platform/external/iptables - Gitiles

 This module matches at a limited rate using a token bucket filter.
 A rule using this extension will match until this limit is reached.
 It can be used in combination with the
 .B LOG
 target to give limited logging, for example.
 .PP
 xt_limit has no negation support - you will have to use \-m hashlimit !
 \-\-hashlimit \fIrate\fP in this case whilst omitting \-\-hashlimit\-mode.
 .TP
 \fB\-\-limit\fP \fIrate\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP]
 Maximum average matching rate: specified as a number, with an optional
 `/second', `/minute', `/hour', or `/day' suffix; the default is
 3/hour.
 .TP
 \fB\-\-limit\-burst\fP \fInumber\fP
 Maximum initial number of packets to match: this number gets
 recharged by one every time the limit specified above is not reached,
 up to this number; the default is 5.
	This module matches at a limited rate using a token bucket filter.
	A rule using this extension will match until this limit is reached.
	It can be used in combination with the
	.B LOG
	target to give limited logging, for example.
	.PP
	xt_limit has no negation support - you will have to use \-m hashlimit !
	\-\-hashlimit \fIrate\fP in this case whilst omitting \-\-hashlimit\-mode.
	.TP
	\fB\-\-limit\fP \fIrate\fP[\fB/second\fP\|\fB/minute\fP\|\fB/hour\fP\|\fB/day\fP]
	Maximum average matching rate: specified as a number, with an optional
	`/second', `/minute', `/hour', or `/day' suffix; the default is
	3/hour.
	.TP
	\fB\-\-limit\-burst\fP \fInumber\fP
	Maximum initial number of packets to match: this number gets
	recharged by one every time the limit specified above is not reached,
	up to this number; the default is 5.