Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 1 | This module matches at a limited rate using a token bucket filter. |
Jan Engelhardt | c2efcd3 | 2011-02-17 14:56:05 +0100 | [diff] [blame] | 2 | A rule using this extension will match until this limit is reached. |
| 3 | It can be used in combination with the |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 4 | .B LOG |
| 5 | target to give limited logging, for example. |
Jan Engelhardt | c2efcd3 | 2011-02-17 14:56:05 +0100 | [diff] [blame] | 6 | .PP |
| 7 | xt_limit has no negation support - you will have to use \-m hashlimit ! |
| 8 | \-\-hashlimit \fIrate\fP in this case whilst omitting \-\-hashlimit\-mode. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 9 | .TP |
Jan Engelhardt | 2d8f775 | 2010-01-19 18:18:24 +0100 | [diff] [blame] | 10 | \fB\-\-limit\fP \fIrate\fP[\fB/second\fP|\fB/minute\fP|\fB/hour\fP|\fB/day\fP] |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 11 | Maximum average matching rate: specified as a number, with an optional |
| 12 | `/second', `/minute', `/hour', or `/day' suffix; the default is |
| 13 | 3/hour. |
| 14 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 15 | \fB\-\-limit\-burst\fP \fInumber\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 16 | Maximum initial number of packets to match: this number gets |
| 17 | recharged by one every time the limit specified above is not reached, |
| 18 | up to this number; the default is 5. |